Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-200711-11
HistoryNov 08, 2007 - 12:00 a.m.

Nagios Plugins: Two buffer overflows

2007-11-0800:00:00
Gentoo Foundation
security.gentoo.org
9

0.109 Low

EPSS

Percentile

95.1%

JSON

Background

The Nagios Plugins are an official set of plugins for Nagios, an open source host, service and network monitoring program.

Description

fabiodds reported a boundary checking error in the “check_snmp” plugin when processing SNMP “GET” replies that could lead to a stack-based buffer overflow (CVE-2007-5623). Nobuhiro Ban reported a boundary checking error in the redir() function of the “check_http” plugin when processing HTTP “Location:” header information which might lead to a buffer overflow (CVE-2007-5198).

Impact

A remote attacker could exploit these vulnerabilities to execute arbitrary code with the privileges of the user running Nagios or cause a Denial of Service by (1) sending a specially crafted SNMP “GET” reply to the Nagios daemon or (2) sending an overly long string in the “Location:” header of an HTTP reply. Note that to exploit (2), the malicious or compromised web server has to be configured in Nagios and the “-f” (follow) option has to be enabled.

Workaround

There is no known workaround at this time.

Resolution

All users of the Nagios Plugins should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-analyzer/nagios-plugins-1.4.10-r1"
OSVersionArchitecturePackageVersionFilename
Gentooanyallnet-analyzer/nagios-plugins< 1.4.10-r1UNKNOWN

Related

nessus 12
fedora 5
openvas 24
securityvulns 2
debian 2
osv 1
suse 1
prion 2
cvelist 2
cve 2
ubuntucve 2
ubuntu 1
freebsd 1
nessus
nessus
SuSE 10 Security Update : nagios plugins (ZYPP Patch Number 4624)
2007-12-13 00:00:00
openSUSE 10 Security Update : nagios-plugins (nagios-plugins-4621)
2007-11-29 00:00:00
SuSE9 Security Update : nagios plugins (YOU Patch Number 11953)
2009-09-24 00:00:00
fedora
fedora
[SECURITY] Fedora 7 Update: nagios-plugins-1.4.11-2.fc7
2008-04-17 03:54:34
[SECURITY] Fedora 8 Update: nagios-plugins-1.4.11-2.fc8
2008-04-17 03:48:55
[SECURITY] Fedora 7 Update: nagios-plugins-1.4.8-9.fc7
2007-11-01 21:14:12
openvas
openvas
Gentoo Security Advisory GLSA 200711-11 (nagios-plugins)
2008-09-24 00:00:00
SLES10: Security update for nagios plugins
2009-10-13 00:00:00
Debian Security Advisory DSA 1495-2 (nagios-plugins)
2008-02-28 00:00:00
securityvulns
securityvulns
[ GLSA 200711-11 ] Nagios Plugins: Two buffer overflows
2007-11-14 00:00:00
Nagios plugins multiple security vulnerabilities
2007-11-14 00:00:00
debian
debian
[SECURITY] [DSA 1495-2] New nagios-plugins packages fix regression
2008-02-17 14:37:52
[SECURITY] [DSA 1495-1] New nagios-plugins packages fix several vulnerabilities
2008-02-12 22:48:31
osv
osv
nagios-plugins - several
2008-02-12 00:00:00
suse
suse
Security update for monitoring-plugins (moderate)
2019-07-14 00:00:00
prion
prion
Buffer overflow
2007-10-23 16:46:00
Buffer overflow
2007-10-04 17:17:00
cvelist
cvelist
CVE-2007-5623
2007-10-23 16:00:00
CVE-2007-5198
2007-10-04 17:00:00
cve
cve
CVE-2007-5623
2007-10-23 16:46:00
CVE-2007-5198
2007-10-04 17:17:00
ubuntucve
ubuntucve
CVE-2007-5623
2007-10-23 00:00:00
CVE-2007-5198
2007-10-04 00:00:00
ubuntu
ubuntu
nagios-plugins vulnerability
2007-10-22 00:00:00
freebsd
freebsd
nagios-plugins -- Long Location Header Buffer Overflow Vulnerability
2007-09-28 00:00:00

0.109 Low

EPSS

Percentile

95.1%

JSON
Related for GLSA-200711-11
nessus12fedora5openvas24securityvulns2debian2osv1suse1prion2cvelist2cve2ubuntucve2ubuntu1freebsd1