[USN-532-1] nagios-plugins vulnerability

Board: Bugtraq, posted 2007/10/23 02:51
===========================================================
Ubuntu Security Notice USN-532-1           October 22, 2007
nagios-plugins vulnerability
CVE-2007-5198
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  nagios-plugins                  1.4.2-5ubuntu3.1
  nagios-plugins-basic            1.4.2-5ubuntu3.1
  nagios-plugins-standard         1.4.2-5ubuntu3.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Nobuhiro Ban discovered that check_http in nagios-plugins did
not properly sanitize its input when following redirection
requests. A malicious remote web server could cause a denial
of service or possibly execute arbitrary code as the user.
(CVE-2007-5198)

Aravind Gottipati discovered that sslutils.c in nagios-plugins
did not properly reset pointers to NULL. A malicious remote web
server could cause a denial of service.

Aravind Gottipati discovered that check_http in nagios-plugins
did not properly calculate how much memory to reallocate when
following redirection requests. A malicious remote web server
could cause a denial of service.

Updated packages for Ubuntu 6.06 LTS: source archives and binary
packages for the amd64, i386, powerpc and sparc architectures.
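
An added example, not part of the Ubuntu advisory: a Python check that flags hosts whose nagios-plugins packages are older than the fixed version 1.4.2-5ubuntu3.1, using dpkg's version-ordering rules. The host names and the "host package version" inventory format are assumptions, and the inventory is taken to come from Ubuntu 6.06 LTS hosts.

```python
import re
from itertools import zip_longest

# Fixed version and affected packages for Ubuntu 6.06 LTS, from the advisory.
FIXED_VERSION = "1.4.2-5ubuntu3.1"
PACKAGES = {"nagios-plugins", "nagios-plugins-basic", "nagios-plugins-standard"}

def _order(ch):
    # dpkg ordering: '~' < end of string < letters < other characters.
    if ch in ("~", ""):
        return -1 if ch == "~" else 0
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_part(a, b):
    # Walk alternating non-digit and digit runs, as dpkg does.
    while a or b:
        na, nb = re.match(r"\D*", a).group(), re.match(r"\D*", b).group()
        for x, y in zip_longest(na, nb, fillvalue=""):
            if _order(x) != _order(y):
                return -1 if _order(x) < _order(y) else 1
        a, b = a[len(na):], b[len(nb):]
        da, db = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        if int(da or 0) != int(db or 0):
            return -1 if int(da or 0) < int(db or 0) else 1
        a, b = a[len(da):], b[len(db):]
    return 0

def compare_versions(a, b):
    def split(v):  # [epoch:]upstream[-revision]
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        up, _, rev = rest.rpartition("-") if "-" in rest else (rest, "", "")
        return int(epoch), up, rev
    (ea, ua, ra), (eb, ub, rb) = split(a), split(b)
    return (ea > eb) - (ea < eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def unpatched(inventory):
    """Rows (host, package, version) older than the advisory's fixed version."""
    rows = (line.split() for line in inventory.strip().splitlines())
    return [(h, p, v) for h, p, v in rows
            if p in PACKAGES and compare_versions(v, FIXED_VERSION) < 0]

# Constructed inventory ("host package version"), not data from the advisory.
SAMPLE = """
mon01 nagios-plugins 1.4.2-5ubuntu3
mon02 nagios-plugins-basic 1.4.2-5ubuntu3.1
mon03 nagios-plugins-standard 1.4.2-5ubuntu3.1~test1
mon03 openssl 0.9.8a-7ubuntu0.4
"""
if __name__ == "__main__":
    print(unpatched(SAMPLE))
```

On a single host, `dpkg --compare-versions` gives the same ordering; the pure-Python comparison is for inventories checked away from the hosts themselves.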