what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 5 of 5 RSS Feed

CVE-2007-5198

Status Candidate

Overview

Buffer overflow in the redir function in check_http.c in Nagios Plugins before 1.4.10, when running with the -f (follow) option, allows remote web servers to execute arbitrary code via Location header responses (redirects) with a large number of leading "L" characters.

Related Files

Mandriva Linux Security Advisory 2008-067
Posted Mar 19, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A number of vulnerabilities were found in Nagios and Nagios Plugins that are corrected with the latest version of both, as provided in this update. These vulnerabilities are buffer overflows and cross site scripting flaws.

tags | advisory, overflow, vulnerability, xss
systems | linux, mandriva
advisories | CVE-2007-5198, CVE-2007-5623, CVE-2007-5624, CVE-2008-1360
SHA-256 | 2f4d9c1c499d12bd735b9a54fb90639a6cd4fbc44aa5941702b3ee06c2c99113
Debian Linux Security Advisory 1495-2
Posted Feb 18, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1495-2 - A problem with the build system of the nagios-plugins package from old stable (Sarge) lead to check_procs not being included for the i386 architecture. This update fixes this regression. Several local/remote vulnerabilities had been discovered in two of the plugins for the Nagios network monitoring and management system.

tags | advisory, remote, local, vulnerability
systems | linux, debian
advisories | CVE-2007-5198, CVE-2007-5623
SHA-256 | f9f1ad771d269baff1cb5f1d569d1fe5a4f6408fb340f112ed84ff1ebb800d07
Debian Linux Security Advisory 1495-1
Posted Feb 12, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1495-1 - Several local/remote vulnerabilities have been discovered in two of the plugins for the Nagios network monitoring and management system. A buffer overflow has been discovered in the parser for HTTP Location headers (present in the check_http module). A buffer overflow has been discovered in the check_snmp module.

tags | advisory, remote, web, overflow, local, vulnerability
systems | linux, debian
advisories | CVE-2007-5198, CVE-2007-5623
SHA-256 | b718f3d850c7ae2b639d85c965fdb86e849f7b2350eb8bf95e90b635271d3450
Gentoo Linux Security Advisory 200711-11
Posted Nov 8, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200711-11 - fabiodds reported a boundary checking error in the check_snmp plugin when processing SNMP GET replies that could lead to a stack-based buffer overflow. Nobuhiro Ban reported a boundary checking error in the redir() function of the check_http plugin when processing HTTP Location: header information which might lead to a buffer overflow. Versions less than 1.4.10-r1 are affected.

tags | advisory, web, overflow
systems | linux, gentoo
advisories | CVE-2007-5198, CVE-2007-5623
SHA-256 | fa85ce9af9a76f2a21e21469d1b003de6f96e6770b9a6f89157354edbf19b523
Ubuntu Security Notice 532-1
Posted Oct 23, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 532-1 - Nobuhiro Ban discovered that check_http in nagios-plugins did not properly sanitize its input when following redirection requests. A malicious remote web server could cause a denial of service or possibly execute arbitrary code as the user. Aravind Gottipati discovered that sslutils.c in nagios-plugins did not properly reset pointers to NULL. A malicious remote web server could cause a denial of service. Aravind Gottipati discovered that check_http in nagios-plugins did not properly calculate how much memory to reallocate when following redirection requests. A malicious remote web server could cause a denial of service.

tags | advisory, remote, web, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2007-5198
SHA-256 | 677e5058f12e473d485da0af4be16886fabcf37a7ba5d0487a4a71af1f170bd9
Page 1 of 1
Back1Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close