CVE-2012-6096 - history.cgi remote command execution
Target version: Icinga 1.x - 1.9
Icinga Version: 1.8.3
OS Version: any
There's a CVE floating around the net with the subject "CVE-2012-6096 - Nagios history.cgi Remote Command Execution" which may affect Icinga as well, having the same code base as Nagios in this regard.
Tests have unveiled that without authorization (or by given auth credentials), this CVE is valid. Though, Icinga requires some more changes on that.
Since there are some other bugfixes on the plate for 1.8.4, we'll port the Nagios patch, after having investigated their patch for a while now. Furthermore, this patch must be backported to existing 1.7.x and 1.6.x branches.
possible fix for CVE-2012-6096 (nagios), added Icinga specific fixes