This repository has been archived by the owner on Jan 15, 2019. It is now read-only.
[dev.icinga.com #3532] CVE-2012-6096 - history.cgi remote command execution #1201
Labels
Milestone
Comments
|
Updated by mfriedrich on 2013-01-13 22:41:14 +00:00
|
|
Updated by mfriedrich on 2013-01-13 22:41:32 +00:00 https://www.icinga.org/2013/01/14/icinga-1-6-2-1-7-4-1-8-4-released/ |
|
Updated by mfriedrich on 2014-12-08 09:28:00 +00:00
|
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
This issue has been migrated from Redmine: https://dev.icinga.com/issues/3532
Created by mfriedrich on 2013-01-13 21:14:12 +00:00
Assignee: mfriedrich
Status: Resolved (closed on 2013-01-13 22:41:14 +00:00)
Target Version: 1.9
Last Update: 2014-12-08 09:28:00 +00:00 (in Redmine)
there's a cve floating around the net with the subject "CVE-2012-6096 - Nagios history.cgi Remote Command Execution" which may affect Icinga as well, having the same code base as Nagios in this regard.
tests have unveiled, that without authorization (or by given auth credentials), this cve is valid. though, Icinga requires some more changes on that.
since there are some other bugfixes on the plate for 1.8.4, we'll port the nagios patch, after having investigated their patch for a while now. furthermore, this patch must be backported to existing 1.7.x and 1.6.x branches
Changesets
2013-01-13 21:10:10 +00:00 by (unknown) 747736d
2013-01-13 21:17:57 +00:00 by (unknown) 7142766
2013-01-13 21:22:12 +00:00 by (unknown) 46f5557
2013-01-13 21:23:29 +00:00 by (unknown) 600418e
The text was updated successfully, but these errors were encountered: