Date: Mon, 22 Oct 2007 11:33:54 -0700
From: Kees Cook <kees@ubuntu.com.>
To: [email protected]
Subject: [USN-532-1] nagios-plugins vulnerability
Message-ID: <20071022183354.GD7963@outflux.net.>

===========================================================
Ubuntu Security Notice USN-532-1 October 22, 2007
nagios-plugins vulnerability
CVE-2007-5198
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  nagios-plugins 1.4.2-5ubuntu3.1
  nagios-plugins-basic 1.4.2-5ubuntu3.1
  nagios-plugins-standard 1.4.2-5ubuntu3.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Nobuhiro Ban discovered that check_http in nagios-plugins did
not properly sanitize its input when following redirection
requests. A malicious remote web server could cause a denial
of service or possibly execute arbitrary code as the user.
(CVE-2007-5198)

Aravind Gottipati discovered that sslutils.c in nagios-plugins
did not properly reset pointers to NULL. A malicious remote web
server could cause a denial of service.

Aravind Gottipati discovered that check_http in nagios-plugins
did not properly calculate how much memory to reallocate when
following redirection requests. A malicious remote web server
could cause a denial of service.

Updated packages for Ubuntu 6.06 LTS:

Source archives:

  http://security.ubuntu.com/ubuntu/pool/main/n/nagios-plugins/nagios-plugins_1.4.2-5ubuntu3.1.diff.gz
    Size/MD5: 40038 2ce232319f1412bd31218e4f80f379aa
  http://security.ubuntu.com/ubuntu/pool/main/n/nagios-plugins/nagios-plugins_1.4.2-5ubuntu3.1.dsc
    Size/MD5: 1054 a0c28730ba822bef978cf7428447320a
  http://security.ubuntu.com/ubuntu/pool/main/n/nagios-plugins/nagios-plugins_1.4.2.orig.tar.gz
    Size/MD5: 973712 5ac95978cc49c35132a5a2ea1c985c20

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

  http://security.ubuntu.com/ubuntu/pool/main/n/nagios-plugins/nagios-plugins-basic_1.4.2-5ubuntu3.1_amd64.deb
    Size/MD5: 265222 1ebcbca55e85bee9e0579a98227aa5ac
  http://security.ubuntu.com/ubuntu/pool/main/n/nagios-plugins/nagios-plugins-standard_1.4.2-5ubuntu3.1_amd64.deb
    Size/MD5: 159170 62cb762bf4b953aab1cbe8a2ce5ddf33
  http://security.ubuntu.com/ubuntu/pool/main/n/nagios-plugins/nagios-plugins_1.4.2-5ubuntu3.1_amd64.deb
    Size/MD5: 64236 c67353629a02a09f5bc863dfc76311b6

i386 architecture (x86 compatible Intel/AMD):

  http://security.ubuntu.com/ubuntu/pool/main/n/nagios-plugins/nagios-plugins-basic_1.4.2-5ubuntu3.1_i386.deb
    Size/MD5: 226406 1edb66f9f3d896f32604261ca5fc6de7
  http://security.ubuntu.com/ubuntu/pool/main/n/nagios-plugins/nagios-plugins-standard_1.4.2-5ubuntu3.1_i386.deb
    Size/MD5: 142844 665cc990cfc20064cd5df981e2836db7
  http://security.ubuntu.com/ubuntu/pool/main/n/nagios-plugins/nagios-plugins_1.4.2-5ubuntu3.1_i386.deb
    Size/MD5: 64224 23d300cb4585debe59cc7652ee8b0732

powerpc architecture (Apple Macintosh G3/G4/G5):

  http://security.ubuntu.com/ubuntu/pool/main/n/nagios-plugins/nagios-plugins-basic_1.4.2-5ubuntu3.1_powerpc.deb
    Size/MD5: 245756 78ec9be9d3b0e6d5c2d1821d93652cc1
  http://security.ubuntu.com/ubuntu/pool/main/n/nagios-plugins/nagios-plugins-standard_1.4.2-5ubuntu3.1_powerpc.deb
    Size/MD5: 159026 f2617d51e4cfd9ee1e44c27c609eb3d3
  http://security.ubuntu.com/ubuntu/pool/main/n/nagios-plugins/nagios-plugins_1.4.2-5ubuntu3.1_powerpc.deb
    Size/MD5: 64234 abd123c2d7c19a789617a902e91857af

sparc architecture (Sun SPARC/UltraSPARC):

  http://security.ubuntu.com/ubuntu/pool/main/n/nagios-plugins/nagios-plugins-basic_1.4.2-5ubuntu3.1_sparc.deb
    Size/MD5: 234452 167d37e690c2e8553e0cc15eca80ef89
  http://security.ubuntu.com/ubuntu/pool/main/n/nagios-plugins/nagios-plugins-standard_1.4.2-5ubuntu3.1_sparc.deb
    Size/MD5: 144714 87eaaf687549fcb4f9de76c7a33accb9
  http://security.ubuntu.com/ubuntu/pool/main/n/nagios-plugins/nagios-plugins_1.4.2-5ubuntu3.1_sparc.deb
    Size/MD5: 64232 2f26e0b30e1e06ed8f5ecfdffb16a2e0
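
Added example, not part of the original advisory: a parser for the URL and Size/MD5 listing above that checks a downloaded file against its listed size and MD5, including the quoted-printable soft line breaks ("=" at end of line) that split long URLs in the raw mail. The names parse_manifest and verify, the example.invalid host and the sample file are assumptions constructed for illustration; MD5 only catches corruption here, and package authenticity still rests on the archive's signatures.

```python
import hashlib
import os
import quopri
import re
import tempfile

# One manifest entry: a URL followed by its "Size/MD5: <bytes> <hex>" line.
ENTRY = re.compile(r"(https?://\S+)\s+Size/MD5:\s+(\d+)\s+([0-9a-f]{32})")

def parse_manifest(body, quoted_printable=False):
    """Return {filename: (size, md5hex)} from an advisory's package listing."""
    if quoted_printable:
        # Raw mail body: undo soft line breaks so split URLs are rejoined.
        body = quopri.decodestring(body.encode("ascii")).decode("ascii")
    return {url.rsplit("/", 1)[1]: (int(size), md5)
            for url, size, md5 in ENTRY.findall(body)}

def verify(path, manifest):
    """Return 'ok' or the reason the file does not match the manifest."""
    name = os.path.basename(path)
    if name not in manifest:
        return "not listed"
    size, md5 = manifest[name]
    if os.path.getsize(path) != size:      # cheap check before hashing
        return "size mismatch"
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return "ok" if digest.hexdigest() == md5 else "md5 mismatch"

if __name__ == "__main__":
    # Constructed sample: a stand-in file and a manifest entry built for it,
    # with the URL split by a soft line break as in the raw mail.
    data = b"constructed package bytes\n"
    path = os.path.join(tempfile.mkdtemp(), "sample-pkg_1.0_all.deb")
    with open(path, "wb") as fh:
        fh.write(data)
    raw = ("http://example.invalid/pool/sample-=\npkg_1.0_all.deb\n"
           "Size/MD5: %d %s\n" % (len(data), hashlib.md5(data).hexdigest()))
    manifest = parse_manifest(raw, quoted_printable=True)
    print(path, verify(path, manifest))
```

Pass quoted_printable=True for the raw mail body and leave it off for an already decoded listing.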