{"containers":{"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2012-12-09T00:00:00.000Z","descriptions":[{"lang":"en","value":"Multiple stack-based buffer overflows in the get_history function in history.cgi in Nagios Core before 3.4.4, and Icinga 1.6.x before 1.6.2, 1.7.x before 1.7.4, and 1.8.x before 1.8.4, might allow remote attackers to execute arbitrary code via a long (1) host_name variable (host parameter) or (2) svc_description variable."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2013-02-02T10:00:00.000Z","orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat"},"references":[{"name":"20121209 Nagios Core 3.4.3: Stack based buffer overflow in web interface","tags":["mailing-list","x_refsource_FULLDISC"],"url":"http://lists.grok.org.uk/pipermail/full-disclosure/2012-December/089125.html"},{"name":"DSA-2616","tags":["vendor-advisory","x_refsource_DEBIAN"],"url":"http://www.debian.org/security/2013/dsa-2616"},{"name":"openSUSE-SU-2013:0188","tags":["vendor-advisory","x_refsource_SUSE"],"url":"http://lists.opensuse.org/opensuse-updates/2013-01/msg00077.html"},{"name":"24084","tags":["exploit","x_refsource_EXPLOIT-DB"],"url":"http://www.exploit-db.com/exploits/24084"},{"name":"openSUSE-SU-2013:0140","tags":["vendor-advisory","x_refsource_SUSE"],"url":"http://lists.opensuse.org/opensuse-updates/2013-01/msg00033.html"},{"name":"51863","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/51863"},{"name":"openSUSE-SU-2013:0206","tags":["vendor-advisory","x_refsource_SUSE"],"url":"http://lists.opensuse.org/opensuse-updates/2013-01/msg00088.html"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.nagios.org/projects/nagioscore/history/core-3x"},{"tags":["x_refsource_CONFIRM"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=893269"},{"name":"24159","tags":["exploit","x_refsource_EXPLOIT-DB"],"url":"http://www.exploit-db.com/exploits/24159"},{"name":"89170","tags":["vdb-entry","x_refsource_OSVDB"],"url":"http://www.osvdb.org/89170"},{"tags":["x_refsource_CONFIRM"],"url":"https://www.icinga.org/2013/01/14/icinga-1-6-2-1-7-4-1-8-4-released/"},{"name":"openSUSE-SU-2013:0169","tags":["vendor-advisory","x_refsource_SUSE"],"url":"http://lists.opensuse.org/opensuse-updates/2013-01/msg00060.html"},{"tags":["x_refsource_CONFIRM"],"url":"https://dev.icinga.org/issues/3532"},{"name":"DSA-2653","tags":["vendor-advisory","x_refsource_DEBIAN"],"url":"http://www.debian.org/security/2013/dsa-2653"},{"name":"56879","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/56879"}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-06T21:21:28.457Z"},"title":"CVE Program Container","references":[{"name":"20121209 Nagios Core 3.4.3: Stack based buffer overflow in web interface","tags":["mailing-list","x_refsource_FULLDISC","x_transferred"],"url":"http://lists.grok.org.uk/pipermail/full-disclosure/2012-December/089125.html"},{"name":"DSA-2616","tags":["vendor-advisory","x_refsource_DEBIAN","x_transferred"],"url":"http://www.debian.org/security/2013/dsa-2616"},{"name":"openSUSE-SU-2013:0188","tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"http://lists.opensuse.org/opensuse-updates/2013-01/msg00077.html"},{"name":"24084","tags":["exploit","x_refsource_EXPLOIT-DB","x_transferred"],"url":"http://www.exploit-db.com/exploits/24084"},{"name":"openSUSE-SU-2013:0140","tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"http://lists.opensuse.org/opensuse-updates/2013-01/msg00033.html"},{"name":"51863","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/51863"},{"name":"openSUSE-SU-2013:0206","tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"http://lists.opensuse.org/opensuse-updates/2013-01/msg00088.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.nagios.org/projects/nagioscore/history/core-3x"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=893269"},{"name":"24159","tags":["exploit","x_refsource_EXPLOIT-DB","x_transferred"],"url":"http://www.exploit-db.com/exploits/24159"},{"name":"89170","tags":["vdb-entry","x_refsource_OSVDB","x_transferred"],"url":"http://www.osvdb.org/89170"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://www.icinga.org/2013/01/14/icinga-1-6-2-1-7-4-1-8-4-released/"},{"name":"openSUSE-SU-2013:0169","tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"http://lists.opensuse.org/opensuse-updates/2013-01/msg00060.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://dev.icinga.org/issues/3532"},{"name":"DSA-2653","tags":["vendor-advisory","x_refsource_DEBIAN","x_transferred"],"url":"http://www.debian.org/security/2013/dsa-2653"},{"name":"56879","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/56879"}]}]},"cveMetadata":{"assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","assignerShortName":"redhat","cveId":"CVE-2012-6096","datePublished":"2013-01-22T23:00:00.000Z","dateReserved":"2012-12-06T00:00:00.000Z","dateUpdated":"2024-08-06T21:21:28.457Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}