What is CVE-2012-6096?

CVE-2012-6096 is a vulnerability in Icinga, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2013-01-22.

Is CVE-2012-6096 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Buffer overflow in Icinga

CVE-2012-6096

Multiple stack-based buffer overflows in the get_history function in history.cgi in Nagios Core before 3.4.4, and Icinga 1.6.x before 1.6.2, 1.7.x before 1.7.4, and 1.8.x before 1.8.4, might allow remote attackers to execute arbitrary code…

Vulnerability class: Buffer Overflow

EPSS: 0.799 (99.1th percentile) — read the EPSS interpretation.

Affected products

Icinga — versions 1.6.0, 1.6.1, 1.7.0
Nagios — versions 3.0, 3.0.1, 3.0.2
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

Public proof-of-concept exploits

rapid7/metasploit-framework

References

20121209 Nagios Core 3.4.3: Stack based buffer overflow in web interface (mailing-list, x_refsource_FULLDISC)
DSA-2616 (vendor-advisory, x_refsource_DEBIAN)
openSUSE-SU-2013:0188 (vendor-advisory, x_refsource_SUSE)
24084 (Exploit, exploit, x_refsource_EXPLOIT-DB)
openSUSE-SU-2013:0140 (vendor-advisory, x_refsource_SUSE)
51863 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
openSUSE-SU-2013:0206 (vendor-advisory, x_refsource_SUSE)
secalert@redhat.com (x_refsource_CONFIRM)
secalert@redhat.com (x_refsource_CONFIRM)
24159 (Exploit, exploit, x_refsource_EXPLOIT-DB)

Frequently asked questions

What is CVE-2012-6096?: CVE-2012-6096 is a vulnerability in Icinga, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2013-01-22.
Is CVE-2012-6096 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.