Nagios Core ‘process_cgivars()’ Function Stack Based Buffer Overflow Exploit

Summary

Nagios Core is prone to a stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer.

Credit:

Details

Vulnerable Systems:
 * Nagios Core 3.4.3

An attacker could exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

Exploit:
The following example URI is available:
http://www.example.com/nagios/cgi-bin/history.cgi?host=aaaaaaa… (4000 ‘a’s)

Disclosure Timeline:
Published: December 09 2012

Categories: Exploits