CVE-2007-5198
Published: 4 October 2007
Buffer overflow in the redir function in check_http.c in Nagios Plugins before 1.4.10, when running with the -f (follow) option, allows remote web servers to execute arbitrary code via Location header responses (redirects) with a large number of leading "L" characters.
Notes
Author | Note |
---|---|
jdstrand | supplied debdiff in LP doesn't address (fixed in CVS before 1.4.11) http://sourceforge.net/tracker/index.php?func=detail&aid=1813346&group_id=29880&atid=397597 also has two DoS: http://sourceforge.net/tracker/index.php?func=detail&aid=1729692&group_id=29880&atid=397597 http://nagiosplug.cvs.sourceforge.net/nagiosplug/nagiosplug/plugins/sslutils.c?r1=1.3&r2=1.4 (no bug report, see the changelog) |
Priority
Status
Package | Release | Status |
---|---|---|
nagios-plugins Launchpad, Ubuntu, Debian |
dapper |
Released
(1.4.2-5ubuntu3.1)
|
edgy |
Released
(1.4.3.0cvs.20060707-3ubuntu0.1)
|
|
feisty |
Released
(1.4.5-2ubuntu0.1)
|
|
gutsy |
Released
(1.4.8-2.1ubuntu1.1)
|
|
upstream |
Released
(1.4.11)
|