CVE-2014-2386 - Numeric Errors vulnerability in multiple products

CVSS 0.0 - NONE
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN

Summary

Multiple off-by-one errors in Icinga, possibly 1.10.2 and earlier, allow remote attackers to cause a denial of service (crash) via unspecified vectors to the (1) display_nav_table, (2) print_export_link, (3) page_num_selector, or (4) page_limit_selector function in cgi/cgiutils.c or (5) status_page_num_selector function in cgi/status.c, which triggers a stack-based buffer overflow.

Common Weakness Enumeration (CWE)

Nessus

  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_4E95EB4EB73711E387CDF0DEF10DCA57.NASL
    description: The Icinga Team reports : Wrong strlen check against MAX_INPUT_BUFFER without taking
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 73266
    published: 2014-03-31
    reporter: This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/73266
    title: FreeBSD : Icinga -- buffer overflow in classic web interface (4e95eb4e-b737-11e3-87cd-f0def10dca57)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2014-237.NASL
    description: The monitoring system icinga received security fixes in the cgi helpers where buffers could be overflowed by 1 byte. Note that this will be caught by the FORTIFY_SOURCE static overflow detection.
    last seen: 2020-06-05
    modified: 2014-06-13
    plugin id: 75303
    published: 2014-06-13
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/75303
    title: openSUSE Security Update : icinga (openSUSE-SU-2014:0420-1)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-2956.NASL
    description: Multiple security issues have been found in the Icinga host and network monitoring system (buffer overflows, cross-site request forgery, off-by ones) which could result in the execution of arbitrary code, denial of service or session hijacking.
    last seen: 2020-03-17
    modified: 2014-06-12
    plugin id: 74477
    published: 2014-06-12
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/74477
    title: Debian DSA-2956-1 : icinga - security update

Seebug

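bulletinFamily: exploit
description: CVE ID: CVE-2014-2386. Icinga is a system monitoring service program. A boundary error exists in Icinga's cgi/cgiutils.c and cgi/status.c that allows an attacker to trigger a buffer overflow, which can crash the application or execute arbitrary code. Affected: Icinga 1.x. The vulnerability is fixed in Icinga 1.11.1, 1.10.4 and 1.9.6; users are advised to download and use one of these versions: https://www.icinga.org
id: SSV:62102
last seen: 2017-11-19
modified: 2014-04-10
published: 2014-04-10
reporter: Root
title: Icinga cgi/cgiutils.c and cgi/status.c buffer overflow vulnerability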