what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 5 of 5 RSS Feed

CVE-2007-5198

Status Candidate

Overview

Buffer overflow in the redir function in check_http.c in Nagios Plugins before 1.4.10, when running with the -f (follow) option, allows remote web servers to execute arbitrary code via Location header responses (redirects) with a large number of leading "L" characters.

Related Files

Mandriva Linux Security Advisory 2008-067
Posted Mar 19, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A number of vulnerabilities were found in Nagios and Nagios Plugins that are corrected with the latest version of both, as provided in this update. These vulnerabilities are buffer overflows and cross site scripting flaws.

tags | advisory, overflow, vulnerability, xss
systems | linux, mandriva
advisories | CVE-2007-5198, CVE-2007-5623, CVE-2007-5624, CVE-2008-1360
SHA-256 | 2f4d9c1c499d12bd735b9a54fb90639a6cd4fbc44aa5941702b3ee06c2c99113
Debian Linux Security Advisory 1495-2
Posted Feb 18, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1495-2 - A problem with the build system of the nagios-plugins package from old stable (Sarge) lead to check_procs not being included for the i386 architecture. This update fixes this regression. Several local/remote vulnerabilities had been discovered in two of the plugins for the Nagios network monitoring and management system.

tags | advisory, remote, local, vulnerability
systems | linux, debian
advisories | CVE-2007-5198, CVE-2007-5623
SHA-256 | f9f1ad771d269baff1cb5f1d569d1fe5a4f6408fb340f112ed84ff1ebb800d07
Debian Linux Security Advisory 1495-1
Posted Feb 12, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1495-1 - Several local/remote vulnerabilities have been discovered in two of the plugins for the Nagios network monitoring and management system. A buffer overflow has been discovered in the parser for HTTP Location headers (present in the check_http module). A buffer overflow has been discovered in the check_snmp module.

tags | advisory, remote, web, overflow, local, vulnerability
systems | linux, debian
advisories | CVE-2007-5198, CVE-2007-5623
SHA-256 | b718f3d850c7ae2b639d85c965fdb86e849f7b2350eb8bf95e90b635271d3450
Gentoo Linux Security Advisory 200711-11
Posted Nov 8, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200711-11 - fabiodds reported a boundary checking error in the check_snmp plugin when processing SNMP GET replies that could lead to a stack-based buffer overflow. Nobuhiro Ban reported a boundary checking error in the redir() function of the check_http plugin when processing HTTP Location: header information which might lead to a buffer overflow. Versions less than 1.4.10-r1 are affected.

tags | advisory, web, overflow
systems | linux, gentoo
advisories | CVE-2007-5198, CVE-2007-5623
SHA-256 | fa85ce9af9a76f2a21e21469d1b003de6f96e6770b9a6f89157354edbf19b523
Ubuntu Security Notice 532-1
Posted Oct 23, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 532-1 - Nobuhiro Ban discovered that check_http in nagios-plugins did not properly sanitize its input when following redirection requests. A malicious remote web server could cause a denial of service or possibly execute arbitrary code as the user. Aravind Gottipati discovered that sslutils.c in nagios-plugins did not properly reset pointers to NULL. A malicious remote web server could cause a denial of service. Aravind Gottipati discovered that check_http in nagios-plugins did not properly calculate how much memory to reallocate when following redirection requests. A malicious remote web server could cause a denial of service.

tags | advisory, remote, web, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2007-5198
SHA-256 | 677e5058f12e473d485da0af4be16886fabcf37a7ba5d0487a4a71af1f170bd9
Page 1 of 1
Back1Next

File Archive:

February 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    16 Files
  • 2
    Feb 2nd
    19 Files
  • 3
    Feb 3rd
    0 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    2 Files
  • 7
    Feb 7th
    10 Files
  • 8
    Feb 8th
    25 Files
  • 9
    Feb 9th
    37 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    20 Files
  • 14
    Feb 14th
    25 Files
  • 15
    Feb 15th
    15 Files
  • 16
    Feb 16th
    6 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    35 Files
  • 20
    Feb 20th
    25 Files
  • 21
    Feb 21st
    18 Files
  • 22
    Feb 22nd
    15 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    10 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close