USN-532-1: nagios-plugins vulnerability
22 October 2007
nagios-plugins vulnerability
Releases
Packages
Details
Nobuhiro Ban discovered that check_http in nagios-plugins did
not properly sanitize its input when following redirection
requests. A malicious remote web server could cause a denial
of service or possibly execute arbitrary code as the user.
(CVE-2007-5198)
Aravind Gottipati discovered that sslutils.c in nagios-plugins
did not properly reset pointers to NULL. A malicious remote web
server could cause a denial of service.
Aravind Gottipati discovered that check_http in nagios-plugins
did not properly calculate how much memory to reallocate when
following redirection requests. A malicious remote web server
could cause a denial of service.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 6.06
-
nagios-plugins
-
1.4.2-5ubuntu3.1
-
nagios-plugins-basic
-
1.4.2-5ubuntu3.1
-
nagios-plugins-standard
-
1.4.2-5ubuntu3.1
In general, a standard system upgrade is sufficient to effect the
necessary changes.