Gentoo Archives: gentoo-announce

From: Pierre-Yves Rofes <py@g.o>
To: gentoo-announce@l.g.o
Cc: full-disclosure@××××××××××××××.uk, bugtraq@×××××××××××××.com, security-alerts@×××××××××××××.com
Subject: [gentoo-announce] [ GLSA 200711-11 ] Nagios Plugins: Two buffer overflows
Date: Thu, 08 Nov 2007 19:33:04
Message-Id: 473360D5.6000703@gentoo.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200711-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: Nagios Plugins: Two buffer overflows
Date: November 08, 2007
Bugs: #196308, #194178
ID: 200711-11

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Two buffer overflow vulnerabilities in the Nagios Plugins might allow
for remote execution of arbitrary code.

Background
==========

The Nagios Plugins are an official set of plugins for Nagios, an open
source host, service and network monitoring program.

Affected packages
=================

    -------------------------------------------------------------------
     Package                      /  Vulnerable  /          Unaffected
    -------------------------------------------------------------------
  1  net-analyzer/nagios-plugins     < 1.4.10-r1           >= 1.4.10-r1

Description
===========

fabiodds reported a boundary checking error in the "check_snmp" plugin
when processing SNMP "GET" replies that could lead to a stack-based
buffer overflow (CVE-2007-5623). Nobuhiro Ban reported a boundary
checking error in the redir() function of the "check_http" plugin when
processing HTTP "Location:" header information which might lead to a
buffer overflow (CVE-2007-5198).

Impact
======

A remote attacker could exploit these vulnerabilities to execute
arbitrary code with the privileges of the user running Nagios or cause
a Denial of Service by (1) sending a specially crafted SNMP "GET" reply
to the Nagios daemon or (2) sending an overly long string in the
"Location:" header of an HTTP reply. Note that to exploit (2), the
malicious or compromised web server has to be configured in Nagios and
the "-f" (follow) option has to be enabled.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All users of the Nagios Plugins should upgrade to the latest version:

    # emerge --sync
    # emerge -av --oneshot ">=net-analyzer/nagios-plugins-1.4.10-r1"

References
==========

[ 1 ] CVE-2007-5198
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5198
[ 2 ] CVE-2007-5623
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5623

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200711-11.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHM2DVuhJ+ozIKI5gRAn38AJ98L27Sde9S5ebhZYWNt+je89v1UACffi8l
CeAHOSuc4Z2xQ9nFp6T8a20=
=IvZ2
-----END PGP SIGNATURE-----
--
gentoo-announce@g.o mailing list
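
The following is an added example, not part of the advisory and not code from the Nagios Plugins: a bounds-checked parser for an HTTP "Location:" value copied into fixed-size buffers, the kind of boundary check whose absence the Description reports for check_http. The names parse_location, copy_bounded and struct redirect, and the buffer sizes, are assumptions chosen for illustration.

```c
/* Added illustration; not nagios-plugins code. All names are hypothetical. */
#include <stdio.h>
#include <string.h>

#define HOST_CAP 64    /* assumed buffer sizes for the example */
#define PATH_CAP 256

struct redirect { char host[HOST_CAP]; char path[PATH_CAP]; };

/* Copy n bytes into dst (capacity cap) only if they fit with the NUL. */
static int copy_bounded(char *dst, size_t cap, const char *src, size_t n)
{
    if (n >= cap) return -1;   /* too long: reject instead of overflowing */
    memcpy(dst, src, n);
    dst[n] = '\0';
    return 0;
}

/* Split "http://host/path" taken from a Location: value.
 * Returns 0 on success, -1 on a malformed or oversized value.
 * Copying host or path with strcpy() or an unbounded "%s" conversion
 * into the same fixed buffers is the unchecked pattern to avoid.
 * Scheme match is case-sensitive here to keep the example short. */
int parse_location(const char *value, struct redirect *out)
{
    static const char scheme[] = "http://";
    const size_t slen = sizeof scheme - 1;
    const char *host, *slash;
    size_t hlen;

    if (strncmp(value, scheme, slen) != 0) return -1;
    host = value + slen;
    slash = strchr(host, '/');
    hlen = slash ? (size_t)(slash - host) : strlen(host);
    if (hlen == 0) return -1;
    if (copy_bounded(out->host, sizeof out->host, host, hlen) != 0) return -1;
    if (!slash) return copy_bounded(out->path, sizeof out->path, "/", 1);
    return copy_bounded(out->path, sizeof out->path, slash, strlen(slash));
}

int main(void)
{
    struct redirect r;
    char longv[1024] = "http://";            /* constructed oversized value */
    memset(longv + 7, 'A', sizeof longv - 8);
    printf("normal:    %d\n", parse_location("http://example.org/new", &r));
    printf("oversized: %d\n", parse_location(longv, &r));
    return 0;
}
```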