Your submission was sent successfully! Close

USN-532-1: nagios-plugins vulnerability

22 October 2007

nagios-plugins vulnerability

Releases

Packages

Details

Nobuhiro Ban discovered that check_http in nagios-plugins did
not properly sanitize its input when following redirection
requests. A malicious remote web server could cause a denial
of service or possibly execute arbitrary code as the user.
(CVE-2007-5198)

Aravind Gottipati discovered that sslutils.c in nagios-plugins
did not properly reset pointers to NULL. A malicious remote web
server could cause a denial of service.

Aravind Gottipati discovered that check_http in nagios-plugins
did not properly calculate how much memory to reallocate when
following redirection requests. A malicious remote web server
could cause a denial of service.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 6.06

In general, a standard system upgrade is sufficient to effect the
necessary changes.

References