ID DEBIAN_DSA-1495.NASL Type nessus Reporter This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof. Modified 2008-02-14T00:00:00
Description
Several local/remote vulnerabilities have been discovered in two of
the plugins for the Nagios network monitoring and management system.
The Common Vulnerabilities and Exposures project identifies the
following problems :
CVE-2007-5198
A buffer overflow has been discovered in the parser for
HTTP Location headers (present in the check_http
module).
CVE-2007-5623
A buffer overflow has been discovered in the check_snmp
module.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-1495. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(31055);
script_version("1.17");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");
script_cve_id("CVE-2007-5198", "CVE-2007-5623");
script_xref(name:"DSA", value:"1495");
script_name(english:"Debian DSA-1495-1 : nagios-plugins - buffer overflows");
script_summary(english:"Checks dpkg output for the updated package");
script_set_attribute(
attribute:"synopsis",
value:"The remote Debian host is missing a security-related update."
);
script_set_attribute(
attribute:"description",
value:
"Several local/remote vulnerabilities have been discovered in two of
the plugins for the Nagios network monitoring and management system.
The Common Vulnerabilities and Exposures project identifies the
following problems :
- CVE-2007-5198
A buffer overflow has been discovered in the parser for
HTTP Location headers (present in the check_http
module).
- CVE-2007-5623
A buffer overflow has been discovered in the check_snmp
module."
);
script_set_attribute(
attribute:"see_also",
value:"https://security-tracker.debian.org/tracker/CVE-2007-5198"
);
script_set_attribute(
attribute:"see_also",
value:"https://security-tracker.debian.org/tracker/CVE-2007-5623"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.debian.org/security/2008/dsa-1495"
);
script_set_attribute(
attribute:"solution",
value:
"Upgrade the nagios-plugins package.
For the old stable distribution (sarge), these problems have been
fixed in version 1.4-6sarge1.
For the stable distribution (etch), these problems have been fixed in
version 1.4.5-1etch1."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_cwe_id(119);
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nagios-plugins");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:4.0");
script_set_attribute(attribute:"patch_publication_date", value:"2008/02/12");
script_set_attribute(attribute:"plugin_publication_date", value:"2008/02/14");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Debian Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
exit(0);
}
include("audit.inc");
include("debian_package.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (deb_check(release:"3.1", prefix:"nagios-plugins", reference:"1.4-6sarge1")) flag++;
if (deb_check(release:"4.0", prefix:"nagios-plugins", reference:"1.4.5-1etch1")) flag++;
if (deb_check(release:"4.0", prefix:"nagios-plugins-basic", reference:"1.4.5-1etch1")) flag++;
if (deb_check(release:"4.0", prefix:"nagios-plugins-standard", reference:"1.4.5-1etch1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
else security_warning(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
{"id": "DEBIAN_DSA-1495.NASL", "bulletinFamily": "scanner", "title": "Debian DSA-1495-1 : nagios-plugins - buffer overflows", "description": "Several local/remote vulnerabilities have been discovered in two of\nthe plugins for the Nagios network monitoring and management system.\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing problems :\n\n - CVE-2007-5198\n A buffer overflow has been discovered in the parser for\n HTTP Location headers (present in the check_http\n module).\n\n - CVE-2007-5623\n A buffer overflow has been discovered in the check_snmp\n module.", "published": "2008-02-14T00:00:00", "modified": "2008-02-14T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "href": "https://www.tenable.com/plugins/nessus/31055", "reporter": "This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://security-tracker.debian.org/tracker/CVE-2007-5198", "https://security-tracker.debian.org/tracker/CVE-2007-5623", "https://www.debian.org/security/2008/dsa-1495"], "cvelist": ["CVE-2007-5623", "CVE-2007-5198"], "type": "nessus", "lastseen": "2021-01-06T09:44:57", "edition": 27, "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2007-5198", "CVE-2007-5623"]}, {"type": "openvas", "idList": ["OPENVAS:58750", "OPENVAS:65453", "OPENVAS:860485", "OPENVAS:65983", "OPENVAS:136141256231065453", "OPENVAS:136141256231065983", "OPENVAS:861304", "OPENVAS:60431", "OPENVAS:60370", "OPENVAS:860220"]}, {"type": "gentoo", "idList": ["GLSA-200711-11"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1495-2:CE213", "DEBIAN:DSA-1495-1:3D3B7"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:18410", "SECURITYVULNS:VULN:8344"]}, {"type": "nessus", "idList": ["FEDORA_2008-3098.NASL", "FEDORA_2007-2713.NASL", "GENTOO_GLSA-200711-11.NASL", "FEDORA_2008-3146.NASL", "SUSE9_11953.NASL", "UBUNTU_USN-532-1.NASL", "FEDORA_2008-3061.NASL", "FEDORA_2007-2876.NASL", "SUSE_NAGIOS-PLUGINS-4621.NASL", "SUSE_NAGIOS-PLUGINS-4624.NASL"]}, {"type": "fedora", "idList": ["FEDORA:M3H44B5J014924", "FEDORA:M3H46GNI015181", "FEDORA:LA1LE8DW030830", "FEDORA:M3H40KDM014494", "FEDORA:LA6GDBGW005581"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:1702-1"]}, {"type": "ubuntu", "idList": ["USN-532-1"]}, {"type": "freebsd", "idList": ["7453C85D-7830-11DC-B4C8-0016179B2DD5"]}, {"type": "exploitdb", "idList": ["EDB-ID:30646"]}], "modified": "2021-01-06T09:44:57", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-01-06T09:44:57", "rev": 2}, "vulnersScore": 7.1}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1495. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31055);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2007-5198\", \"CVE-2007-5623\");\n script_xref(name:\"DSA\", value:\"1495\");\n\n script_name(english:\"Debian DSA-1495-1 : nagios-plugins - buffer overflows\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several local/remote vulnerabilities have been discovered in two of\nthe plugins for the Nagios network monitoring and management system.\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing problems :\n\n - CVE-2007-5198\n A buffer overflow has been discovered in the parser for\n HTTP Location headers (present in the check_http\n module).\n\n - CVE-2007-5623\n A buffer overflow has been discovered in the check_snmp\n module.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-5198\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-5623\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2008/dsa-1495\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the nagios-plugins package.\n\nFor the old stable distribution (sarge), these problems have been\nfixed in version 1.4-6sarge1.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 1.4.5-1etch1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nagios-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/02/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.1\", prefix:\"nagios-plugins\", reference:\"1.4-6sarge1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"nagios-plugins\", reference:\"1.4.5-1etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"nagios-plugins-basic\", reference:\"1.4.5-1etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"nagios-plugins-standard\", reference:\"1.4.5-1etch1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "pluginID": "31055", "cpe": ["cpe:/o:debian:debian_linux:4.0", "cpe:/o:debian:debian_linux:3.1", "p-cpe:/a:debian:debian_linux:nagios-plugins"], "scheme": null}
{"cve": [{"lastseen": "2020-10-03T11:45:54", "description": "Buffer overflow in the check_snmp function in Nagios Plugins (nagios-plugins) 1.4.10 allows remote attackers to cause a denial of service (crash) via crafted snmpget replies.", "edition": 4, "cvss3": {}, "published": "2007-10-23T16:46:00", "title": "CVE-2007-5623", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-5623"], "modified": "2011-03-08T03:01:00", "cpe": ["cpe:/a:nagios:plugins:1.4.10"], "id": "CVE-2007-5623", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-5623", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:nagios:plugins:1.4.10:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:26:08", "description": "Buffer overflow in the redir function in check_http.c in Nagios Plugins before 1.4.10, when running with the -f (follow) option, allows remote web servers to execute arbitrary code via Location header responses (redirects) with a large number of leading \"L\" characters.", "edition": 5, "cvss3": {}, "published": "2007-10-04T17:17:00", "title": "CVE-2007-5198", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-5198"], "modified": "2011-03-08T03:00:00", "cpe": ["cpe:/a:nagios:plugins:1.4.9"], "id": "CVE-2007-5198", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-5198", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:nagios:plugins:1.4.9:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2018-04-06T11:38:43", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5623", "CVE-2007-5198"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n nagios-plugins\n nagios-plugins-extras\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-13T00:00:00", "id": "OPENVAS:136141256231065983", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065983", "type": "openvas", "title": "SLES10: Security update for nagios plugins", "sourceData": "#\n#VID slesp1-nagios-plugins-4624\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for nagios plugins\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n nagios-plugins\n nagios-plugins-extras\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65983\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2007-5198\", \"CVE-2007-5623\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"SLES10: Security update for nagios plugins\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"nagios-plugins\", rpm:\"nagios-plugins~1.4.5~16.13\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nagios-plugins-extras\", rpm:\"nagios-plugins-extras~1.4.5~16.13\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:49:44", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5623", "CVE-2007-5198"], "description": "The remote host is missing an update to nagios-plugins\nannounced via advisory DSA 1495-1.", "modified": "2017-07-07T00:00:00", "published": "2008-02-15T00:00:00", "id": "OPENVAS:60370", "href": "http://plugins.openvas.org/nasl.php?oid=60370", "type": "openvas", "title": "Debian Security Advisory DSA 1495-1 (nagios-plugins)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1495_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1495-1 (nagios-plugins)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several local/remote vulnerabilities have been discovered in two of\nthe plugins for the Nagios network monitoring and management system.\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing problems:\n\nCVE-2007-5198\n\nA buffer overflow has been discovered in the parser for HTTP\nLocation headers (present in the check_http module).\n\nCVE-2007-5623\n\nA buffer overflow has been discovered in the check_snmp module.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 1.4.5-1etch1.\n\nFor the old stable distribution (sarge), these problems have been\nfixed in version 1.4-6sarge1.\n\nWe recommend that you upgrade your nagios-plugins package.\";\ntag_summary = \"The remote host is missing an update to nagios-plugins\nannounced via advisory DSA 1495-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201495-1\";\n\n\nif(description)\n{\n script_id(60370);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-02-15 23:29:21 +0100 (Fri, 15 Feb 2008)\");\n script_cve_id(\"CVE-2007-5198\", \"CVE-2007-5623\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 1495-1 (nagios-plugins)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"nagios-plugins\", ver:\"1.4-6sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"nagios-plugins-basic\", ver:\"1.4.5-1etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"nagios-plugins\", ver:\"1.4.5-1etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"nagios-plugins-standard\", ver:\"1.4.5-1etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:32", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5623", "CVE-2007-5198"], "description": "Check for the Version of nagios-plugins", "modified": "2017-07-10T00:00:00", "published": "2009-02-17T00:00:00", "id": "OPENVAS:860220", "href": "http://plugins.openvas.org/nasl.php?oid=860220", "type": "openvas", "title": "Fedora Update for nagios-plugins FEDORA-2008-3061", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for nagios-plugins FEDORA-2008-3061\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"nagios-plugins on Fedora 8\";\ntag_insight = \"Nagios is a program that will monitor hosts and services on your\n network, and to email or page you when a problem arises or is\n resolved. Nagios runs on a Unix server as a background or daemon\n process, intermittently running checks on various services that you\n specify. The actual service checks are performed by separate "plugin"\n programs which return the status of the checks to Nagios. This package\n contains those plugins.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00249.html\");\n script_id(860220);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-17 16:43:56 +0100 (Tue, 17 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2008-3061\");\n script_cve_id(\"CVE-2007-5198\", \"CVE-2007-5623\");\n script_name( \"Fedora Update for nagios-plugins FEDORA-2008-3061\");\n\n script_summary(\"Check for the Version of nagios-plugins\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC8\")\n{\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins\", rpm:\"nagios-plugins~1.4.11~2.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-26T08:55:44", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5623", "CVE-2007-5198"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n nagios-plugins\n nagios-plugins-extras\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5018311 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:65453", "href": "http://plugins.openvas.org/nasl.php?oid=65453", "type": "openvas", "title": "SLES9: Security update for nagios plugins", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5018311.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for nagios plugins\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n nagios-plugins\n nagios-plugins-extras\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5018311 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65453);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2007-5198\", \"CVE-2007-5623\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"SLES9: Security update for nagios plugins\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"nagios-plugins\", rpm:\"nagios-plugins~1.3.1~270.13\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:08", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5623", "CVE-2007-5198"], "description": "The remote host is missing updates announced in\nadvisory GLSA 200711-11.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "id": "OPENVAS:58750", "href": "http://plugins.openvas.org/nasl.php?oid=58750", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200711-11 (nagios-plugins)", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Two buffer overflow vulnerabilities in the Nagios Plugins might allow for\nremote execution of arbitrary code.\";\ntag_solution = \"All users of the Nagios Plugins should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose\n'>=net-analyzer/nagios-plugins-1.4.10-r1'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200711-11\nhttp://bugs.gentoo.org/show_bug.cgi?id=196308\nhttp://bugs.gentoo.org/show_bug.cgi?id=194178\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200711-11.\";\n\n \n\nif(description)\n{\n script_id(58750);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2007-5198\", \"CVE-2007-5623\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200711-11 (nagios-plugins)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"net-analyzer/nagios-plugins\", unaffected: make_list(\"ge 1.4.10-r1\"), vulnerable: make_list(\"lt 1.4.10-r1\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:42", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5623", "CVE-2007-5198"], "description": "Check for the Version of nagios-plugins", "modified": "2017-07-10T00:00:00", "published": "2009-02-17T00:00:00", "id": "OPENVAS:860485", "href": "http://plugins.openvas.org/nasl.php?oid=860485", "type": "openvas", "title": "Fedora Update for nagios-plugins FEDORA-2008-3146", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for nagios-plugins FEDORA-2008-3146\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"nagios-plugins on Fedora 7\";\ntag_insight = \"Nagios is a program that will monitor hosts and services on your\n network, and to email or page you when a problem arises or is\n resolved. Nagios runs on a Unix server as a background or daemon\n process, intermittently running checks on various services that you\n specify. The actual service checks are performed by separate "plugin"\n programs which return the status of the checks to Nagios. This package\n contains those plugins.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00320.html\");\n script_id(860485);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-17 16:43:56 +0100 (Tue, 17 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2008-3146\");\n script_cve_id(\"CVE-2007-5198\", \"CVE-2007-5623\");\n script_name( \"Fedora Update for nagios-plugins FEDORA-2008-3146\");\n\n script_summary(\"Check for the Version of nagios-plugins\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC7\")\n{\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins\", rpm:\"nagios-plugins~1.4.11~2.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-26T08:55:42", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5623", "CVE-2007-5198"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n nagios-plugins\n nagios-plugins-extras\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-13T00:00:00", "id": "OPENVAS:65983", "href": "http://plugins.openvas.org/nasl.php?oid=65983", "type": "openvas", "title": "SLES10: Security update for nagios plugins", "sourceData": "#\n#VID slesp1-nagios-plugins-4624\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for nagios plugins\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n nagios-plugins\n nagios-plugins-extras\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_id(65983);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2007-5198\", \"CVE-2007-5623\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"SLES10: Security update for nagios plugins\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"nagios-plugins\", rpm:\"nagios-plugins~1.4.5~16.13\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nagios-plugins-extras\", rpm:\"nagios-plugins-extras~1.4.5~16.13\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:38:48", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5623", "CVE-2007-5198"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n nagios-plugins\n nagios-plugins-extras\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5018311 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:136141256231065453", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065453", "type": "openvas", "title": "SLES9: Security update for nagios plugins", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5018311.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for nagios plugins\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n nagios-plugins\n nagios-plugins-extras\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5018311 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65453\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2007-5198\", \"CVE-2007-5623\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"SLES9: Security update for nagios plugins\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"nagios-plugins\", rpm:\"nagios-plugins~1.3.1~270.13\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5623", "CVE-2007-5198"], "description": "The remote host is missing an update to nagios-plugins\nannounced via advisory DSA 1495-2.", "modified": "2017-07-07T00:00:00", "published": "2008-02-28T00:00:00", "id": "OPENVAS:60431", "href": "http://plugins.openvas.org/nasl.php?oid=60431", "type": "openvas", "title": "Debian Security Advisory DSA 1495-2 (nagios-plugins)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1495_2.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1495-2 (nagios-plugins)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A problem with the build system of the nagios-plugins package from old\nstable (Sarge) lead to check_procs not being included for the i386\narchitecture. This update fixes this regression. For reference the\noriginal advisory text below:\n\nSeveral local/remote vulnerabilities have been discovered in two of\nthe plugins for the Nagios network monitoring and management system.\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing problems:\n\nCVE-2007-5198\n\nA buffer overflow has been discovered in the parser for HTTP\nLocation headers (present in the check_http module).\n\nCVE-2007-5623\n\nA buffer overflow has been discovered in the check_snmp module.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 1.4.5-1etch1.\n\nFor the old stable distribution (sarge), these problems have been\nfixed in version 1.4-6sarge2.\n\nWe recommend that you upgrade your nagios-plugins package.\";\ntag_summary = \"The remote host is missing an update to nagios-plugins\nannounced via advisory DSA 1495-2.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201495-2\";\n\n\nif(description)\n{\n script_id(60431);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-02-28 02:09:28 +0100 (Thu, 28 Feb 2008)\");\n script_cve_id(\"CVE-2007-5198\", \"CVE-2007-5623\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 1495-2 (nagios-plugins)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"nagios-plugins\", ver:\"1.4-6sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:49", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5623"], "description": "Check for the Version of nagios-plugins", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "id": "OPENVAS:861304", "href": "http://plugins.openvas.org/nasl.php?oid=861304", "type": "openvas", "title": "Fedora Update for nagios-plugins FEDORA-2007-2876", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for nagios-plugins FEDORA-2007-2876\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"nagios-plugins on Fedora 8\";\ntag_insight = \"Nagios is a program that will monitor hosts and services on your\n network, and to email or page you when a problem arises or is\n resolved. Nagios runs on a Unix server as a background or daemon\n process, intermittently running checks on various services that you\n specify. The actual service checks are performed by separate "plugin"\n programs which return the status of the checks to Nagios. This package\n contains those plugins.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00139.html\");\n script_id(861304);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 16:01:32 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2007-2876\");\n script_cve_id(\"CVE-2007-5623\");\n script_name( \"Fedora Update for nagios-plugins FEDORA-2007-2876\");\n\n script_summary(\"Check for the Version of nagios-plugins\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC8\")\n{\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins\", rpm:\"nagios-plugins~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-tcp\", rpm:\"nagios-plugins-tcp~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-ifstatus\", rpm:\"nagios-plugins-ifstatus~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-radius\", rpm:\"nagios-plugins-radius~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-overcr\", rpm:\"nagios-plugins-overcr~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-mrtg\", rpm:\"nagios-plugins-mrtg~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-fping\", rpm:\"nagios-plugins-fping~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-dhcp\", rpm:\"nagios-plugins-dhcp~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-ide_smart\", rpm:\"nagios-plugins-ide_smart~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-mysql\", rpm:\"nagios-plugins-mysql~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-swap\", rpm:\"nagios-plugins-swap~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-nt\", rpm:\"nagios-plugins-nt~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-rpc\", rpm:\"nagios-plugins-rpc~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-procs\", rpm:\"nagios-plugins-procs~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-ifoperstatus\", rpm:\"nagios-plugins-ifoperstatus~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-time\", rpm:\"nagios-plugins-time~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-ping\", rpm:\"nagios-plugins-ping~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-http\", rpm:\"nagios-plugins-http~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins\", rpm:\"nagios-plugins~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-hpjd\", rpm:\"nagios-plugins-hpjd~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-snmp\", rpm:\"nagios-plugins-snmp~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-file_age\", rpm:\"nagios-plugins-file_age~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-ups\", rpm:\"nagios-plugins-ups~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-dns\", rpm:\"nagios-plugins-dns~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-ldap\", rpm:\"nagios-plugins-ldap~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-flexlm\", rpm:\"nagios-plugins-flexlm~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-ntp\", rpm:\"nagios-plugins-ntp~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-wave\", rpm:\"nagios-plugins-wave~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-pgsql\", rpm:\"nagios-plugins-pgsql~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-log\", rpm:\"nagios-plugins-log~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-real\", rpm:\"nagios-plugins-real~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-all\", rpm:\"nagios-plugins-all~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-udp\", rpm:\"nagios-plugins-udp~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-smtp\", rpm:\"nagios-plugins-smtp~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-by_ssh\", rpm:\"nagios-plugins-by_ssh~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-game\", rpm:\"nagios-plugins-game~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-users\", rpm:\"nagios-plugins-users~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-disk_smb\", rpm:\"nagios-plugins-disk_smb~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-debuginfo\", rpm:\"nagios-plugins-debuginfo~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-perl\", rpm:\"nagios-plugins-perl~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-linux_raid\", rpm:\"nagios-plugins-linux_raid~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-icmp\", rpm:\"nagios-plugins-icmp~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-disk\", rpm:\"nagios-plugins-disk~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-mrtgtraf\", rpm:\"nagios-plugins-mrtgtraf~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-breeze\", rpm:\"nagios-plugins-breeze~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-mailq\", rpm:\"nagios-plugins-mailq~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-oracle\", rpm:\"nagios-plugins-oracle~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-load\", rpm:\"nagios-plugins-load~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-nagios\", rpm:\"nagios-plugins-nagios~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-ssh\", rpm:\"nagios-plugins-ssh~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-ircd\", rpm:\"nagios-plugins-ircd~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-apt\", rpm:\"nagios-plugins-apt~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-sensors\", rpm:\"nagios-plugins-sensors~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-dummy\", rpm:\"nagios-plugins-dummy~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-nwstat\", rpm:\"nagios-plugins-nwstat~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-dig\", rpm:\"nagios-plugins-dig~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-rpc\", rpm:\"nagios-plugins-rpc~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-perl\", rpm:\"nagios-plugins-perl~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-hpjd\", rpm:\"nagios-plugins-hpjd~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-mrtgtraf\", rpm:\"nagios-plugins-mrtgtraf~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-debuginfo\", rpm:\"nagios-plugins-debuginfo~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-ping\", rpm:\"nagios-plugins-ping~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-fping\", rpm:\"nagios-plugins-fping~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-mysql\", rpm:\"nagios-plugins-mysql~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-ifstatus\", rpm:\"nagios-plugins-ifstatus~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-mailq\", rpm:\"nagios-plugins-mailq~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-wave\", rpm:\"nagios-plugins-wave~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-dhcp\", rpm:\"nagios-plugins-dhcp~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-disk\", rpm:\"nagios-plugins-disk~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-nagios\", rpm:\"nagios-plugins-nagios~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-dig\", rpm:\"nagios-plugins-dig~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-game\", rpm:\"nagios-plugins-game~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-users\", rpm:\"nagios-plugins-users~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-ups\", rpm:\"nagios-plugins-ups~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-tcp\", rpm:\"nagios-plugins-tcp~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-nt\", rpm:\"nagios-plugins-nt~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-procs\", rpm:\"nagios-plugins-procs~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-file_age\", rpm:\"nagios-plugins-file_age~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-oracle\", rpm:\"nagios-plugins-oracle~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-dummy\", rpm:\"nagios-plugins-dummy~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-nwstat\", rpm:\"nagios-plugins-nwstat~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-real\", rpm:\"nagios-plugins-real~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-disk_smb\", rpm:\"nagios-plugins-disk_smb~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-all\", rpm:\"nagios-plugins-all~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-ntp\", rpm:\"nagios-plugins-ntp~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-smtp\", rpm:\"nagios-plugins-smtp~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-swap\", rpm:\"nagios-plugins-swap~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-ide_smart\", rpm:\"nagios-plugins-ide_smart~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-snmp\", rpm:\"nagios-plugins-snmp~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-ircd\", rpm:\"nagios-plugins-ircd~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-http\", rpm:\"nagios-plugins-http~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-ifoperstatus\", rpm:\"nagios-plugins-ifoperstatus~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-breeze\", rpm:\"nagios-plugins-breeze~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-linux_raid\", rpm:\"nagios-plugins-linux_raid~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-ssh\", rpm:\"nagios-plugins-ssh~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-pgsql\", rpm:\"nagios-plugins-pgsql~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-by_ssh\", rpm:\"nagios-plugins-by_ssh~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-apt\", rpm:\"nagios-plugins-apt~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-flexlm\", rpm:\"nagios-plugins-flexlm~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-time\", rpm:\"nagios-plugins-time~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-ldap\", rpm:\"nagios-plugins-ldap~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-overcr\", rpm:\"nagios-plugins-overcr~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-sensors\", rpm:\"nagios-plugins-sensors~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-icmp\", rpm:\"nagios-plugins-icmp~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-radius\", rpm:\"nagios-plugins-radius~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins\", rpm:\"nagios-plugins~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-load\", rpm:\"nagios-plugins-load~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-log\", rpm:\"nagios-plugins-log~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-dns\", rpm:\"nagios-plugins-dns~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-mrtg\", rpm:\"nagios-plugins-mrtg~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nagios-plugins-udp\", rpm:\"nagios-plugins-udp~1.4.8~9.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:47:04", "bulletinFamily": "unix", "cvelist": ["CVE-2007-5623", "CVE-2007-5198"], "description": "### Background\n\nThe Nagios Plugins are an official set of plugins for Nagios, an open source host, service and network monitoring program. \n\n### Description\n\nfabiodds reported a boundary checking error in the \"check_snmp\" plugin when processing SNMP \"GET\" replies that could lead to a stack-based buffer overflow (CVE-2007-5623). Nobuhiro Ban reported a boundary checking error in the redir() function of the \"check_http\" plugin when processing HTTP \"Location:\" header information which might lead to a buffer overflow (CVE-2007-5198). \n\n### Impact\n\nA remote attacker could exploit these vulnerabilities to execute arbitrary code with the privileges of the user running Nagios or cause a Denial of Service by (1) sending a specially crafted SNMP \"GET\" reply to the Nagios daemon or (2) sending an overly long string in the \"Location:\" header of an HTTP reply. Note that to exploit (2), the malicious or compromised web server has to be configured in Nagios and the \"-f\" (follow) option has to be enabled. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll users of the Nagios Plugins should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-analyzer/nagios-plugins-1.4.10-r1\"", "edition": 1, "modified": "2007-11-08T00:00:00", "published": "2007-11-08T00:00:00", "id": "GLSA-200711-11", "href": "https://security.gentoo.org/glsa/200711-11", "type": "gentoo", "title": "Nagios Plugins: Two buffer overflows", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2020-11-11T13:12:29", "bulletinFamily": "unix", "cvelist": ["CVE-2007-5623", "CVE-2007-5198"], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1495-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nFebruary 12, 2008 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : nagios-plugins\nVulnerability : buffer overflows\nProblem type : remote\nDebian-specific: no\nCVE Id(s) : CVE-2007-5198 CVE-2007-5623\n\nSeveral local/remote vulnerabilities have been discovered in two of\nthe plugins for the Nagios network monitoring and management system.\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing problems:\n\nCVE-2007-5198\n\n A buffer overflow has been discovered in the parser for HTTP\n Location headers (present in the check_http module).\n\nCVE-2007-5623\n\n A buffer overflow has been discovered in the check_snmp module.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 1.4.5-1etch1.\n\nFor the old stable distribution (sarge), these problems have been\nfixed in version 1.4-6sarge1.\n\nWe recommend that you upgrade your nagios-plugins package.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian 3.1 (oldstable)\n- ----------------------\n\nOldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins_1.4-6sarge1.dsc\n Size/MD5 checksum: 927 bd96c045610c5978605f2afc9dfb987c\n http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins_1.4-6sarge1.diff.gz\n Size/MD5 checksum: 21778 74cd27a521e5e7654cf2391aeee2deac\n http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins_1.4.orig.tar.gz\n Size/MD5 checksum: 973910 d46ae53154a228614629d50ea56d46b6\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins_1.4-6sarge1_alpha.deb\n Size/MD5 checksum: 514580 83623f3e2d62171a7e0f515283f437be\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins_1.4-6sarge1_amd64.deb\n Size/MD5 checksum: 395554 3e8bb19e0b8de1078a306fd7761fe5c1\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins_1.4-6sarge1_arm.deb\n Size/MD5 checksum: 379032 32300cc77a09ad8cdf55a2dfa5f7bc37\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins_1.4-6sarge1_hppa.deb\n Size/MD5 checksum: 392784 3e9f60bcc439f4bfd2854258c1f62d1a\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins_1.4-6sarge1_i386.deb\n Size/MD5 checksum: 334198 f045b9c68b6b1c791ffd5f1aaf89606e\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins_1.4-6sarge1_ia64.deb\n Size/MD5 checksum: 644134 640619b6d69d316a85e903b4042fafe0\n\nm68k architecture (Motorola Mc680x0)\n\n http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins_1.4-6sarge1_m68k.deb\n Size/MD5 checksum: 336368 a5aea6422c93b79aec327446ae3e417b\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins_1.4-6sarge1_mips.deb\n Size/MD5 checksum: 544780 c5b5d8c8e7c1a35121664d0aa0995880\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins_1.4-6sarge1_mipsel.deb\n Size/MD5 checksum: 532688 a50f57072f656ab46a68d6fc4efc993b\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins_1.4-6sarge1_powerpc.deb\n Size/MD5 checksum: 367568 a35ec66bd965bcef9ca041278405df44\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins_1.4-6sarge1_s390.deb\n Size/MD5 checksum: 372064 0b3e8860d95b81c9c0f163006926613f\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins_1.4-6sarge1_sparc.deb\n Size/MD5 checksum: 349018 97a0f07fc2aa948921065c926bd3497c\n\nDebian 4.0 (stable)\n- -------------------\n\nStable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins_1.4.5.orig.tar.gz\n Size/MD5 checksum: 1285997 359afddaf6a8e3228a5130b60bed0f67\n http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins_1.4.5-1etch1.diff.gz\n Size/MD5 checksum: 21859 58658037a3a2cdf6531246d4c6f3ac6b\n http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins_1.4.5-1etch1.dsc\n Size/MD5 checksum: 1033 4665beadc7b3be6ac31244bc96deeafb\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins-basic_1.4.5-1etch1_alpha.deb\n Size/MD5 checksum: 639288 faad3564117ca60e315e7598cc839adf\n http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins_1.4.5-1etch1_alpha.deb\n Size/MD5 checksum: 80854 59e15a8a67c4177dfb36feee67d1866b\n http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins-standard_1.4.5-1etch1_alpha.deb\n Size/MD5 checksum: 288820 cd421951ee33047f61068bd03ee05677\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins-basic_1.4.5-1etch1_amd64.deb\n Size/MD5 checksum: 537840 a97a4c671db575426a7c8d3c9211fb8d\n http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins-standard_1.4.5-1etch1_amd64.deb\n Size/MD5 checksum: 245170 482ad5f0d233d6fd4efe945dfb372ef6\n http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins_1.4.5-1etch1_amd64.deb\n Size/MD5 checksum: 80276 ea35ab0beb77c38a5cfeda5f84d25d26\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins-standard_1.4.5-1etch1_arm.deb\n Size/MD5 checksum: 225412 80809d122ffef7863ff15ccab6a8759f\n http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins-basic_1.4.5-1etch1_arm.deb\n Size/MD5 checksum: 472236 15a27bbcaccc3dd7d79e226c61456c5e\n http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins_1.4.5-1etch1_arm.deb\n Size/MD5 checksum: 80906 5d38cd759f2bb1da5094c9ef6c6363e4\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins_1.4.5-1etch1_hppa.deb\n Size/MD5 checksum: 80354 11649afbd71868b06f8aaadccbda33bd\n http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins-basic_1.4.5-1etch1_hppa.deb\n Size/MD5 checksum: 520106 cba264378269730770844d8bc8ddfaa5\n http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins-standard_1.4.5-1etch1_hppa.deb\n Size/MD5 checksum: 234750 f96394409146a183dc9572aff62d1fa3\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins-standard_1.4.5-1etch1_i386.deb\n Size/MD5 checksum: 217304 4f364a99c8d29939930e17b586bd7163\n http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins_1.4.5-1etch1_i386.deb\n Size/MD5 checksum: 80356 55f8c942983a877f3f81694870a555cc\n http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins-basic_1.4.5-1etch1_i386.deb\n Size/MD5 checksum: 470394 3a973e79925f8ba0d452843e53eb6418\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins_1.4.5-1etch1_ia64.deb\n Size/MD5 checksum: 80356 98903ee6cfe0db798b72f631fd8abc5e\n http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins-basic_1.4.5-1etch1_ia64.deb\n Size/MD5 checksum: 833178 5cd28a54fd6b4982c63dbf31001575bd\n http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins-standard_1.4.5-1etch1_ia64.deb\n Size/MD5 checksum: 360550 b299c6b4cc32f2f8dbf98099097c0cd9\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins-basic_1.4.5-1etch1_mips.deb\n Size/MD5 checksum: 592006 8133ad978949b3dd27a8b135e42237d0\n http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins_1.4.5-1etch1_mips.deb\n Size/MD5 checksum: 80234 ab53bbaf42b9330871432b364c7e1da4\n http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins-standard_1.4.5-1etch1_mips.deb\n Size/MD5 checksum: 270096 66e5f9ec3fd945b591fb81629e775b35\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins-standard_1.4.5-1etch1_mipsel.deb\n Size/MD5 checksum: 258108 90da4f6c80fab92b53e7aee163c6513f\n http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins-basic_1.4.5-1etch1_mipsel.deb\n Size/MD5 checksum: 583182 888620e0ab476014e50103cf8c121c8b\n http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins_1.4.5-1etch1_mipsel.deb\n Size/MD5 checksum: 80352 c531e93967842f092fb3d17bb85d6285\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins-basic_1.4.5-1etch1_powerpc.deb\n Size/MD5 checksum: 571284 948635d992c8f31e62f138f1101a3439\n http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins_1.4.5-1etch1_powerpc.deb\n Size/MD5 checksum: 80350 1af2e6bc171acd12b8ac77a0fc8da522\n http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins-standard_1.4.5-1etch1_powerpc.deb\n Size/MD5 checksum: 249124 79d4b0e36b2658cce9ad9a6f5d7065c9\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins_1.4.5-1etch1_s390.deb\n Size/MD5 checksum: 80346 c5757ac42adb6885db11da7d57afc02a\n http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins-standard_1.4.5-1etch1_s390.deb\n Size/MD5 checksum: 229434 5d09acd328ba96f9198a4fc994826cff\n http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins-basic_1.4.5-1etch1_s390.deb\n Size/MD5 checksum: 503826 1ee5e9657e38c53e40a9418d64e3e83c\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins_1.4.5-1etch1_sparc.deb\n Size/MD5 checksum: 80350 de57d21d5c7ef817d10a6aa7b682b724\n http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins-basic_1.4.5-1etch1_sparc.deb\n Size/MD5 checksum: 461116 bab05b0e3eb8c96f94193c180150cf57\n http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins-standard_1.4.5-1etch1_sparc.deb\n Size/MD5 checksum: 212116 62c17dc86bf4f424c413d6bb2aff8b70\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 3, "modified": "2008-02-12T22:48:31", "published": "2008-02-12T22:48:31", "id": "DEBIAN:DSA-1495-1:3D3B7", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2008/msg00057.html", "title": "[SECURITY] [DSA 1495-1] New nagios-plugins packages fix several\tvulnerabilities", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-11-11T13:17:10", "bulletinFamily": "unix", "cvelist": ["CVE-2007-5623", "CVE-2007-5198"], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1495-2 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nFebruary 17, 2008 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : nagios-plugins\nVulnerability : buffer overflows\nProblem type : remote\nDebian-specific: no\nCVE Id(s) : CVE-2007-5198 CVE-2007-5623\n\nA problem with the build system of the nagios-plugins package from old\nstable (Sarge) lead to check_procs not being included for the i386\narchitecture. This update fixes this regression. For reference the\noriginal advisory text below:\n\nSeveral local/remote vulnerabilities have been discovered in two of\nthe plugins for the Nagios network monitoring and management system.\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing problems:\n\nCVE-2007-5198\n\n A buffer overflow has been discovered in the parser for HTTP\n Location headers (present in the check_http module).\n\nCVE-2007-5623\n\n A buffer overflow has been discovered in the check_snmp module.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 1.4.5-1etch1.\n\nFor the old stable distribution (sarge), these problems have been\nfixed in version 1.4-6sarge2.\n\nWe recommend that you upgrade your nagios-plugins package.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian 3.1 (oldstable)\n- ----------------------\n\nOldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins_1.4-6sarge2.dsc\n Size/MD5 checksum: 927 51eb15268f75ef4f4271d33706c92029\n http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins_1.4.orig.tar.gz\n Size/MD5 checksum: 973910 d46ae53154a228614629d50ea56d46b6\n http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins_1.4-6sarge2.diff.gz\n Size/MD5 checksum: 22422 573798e3cce46bf2b5d0206472db13f8\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins_1.4-6sarge2_alpha.deb\n Size/MD5 checksum: 514752 f4931888fbe7aa359fe68adc160e1429\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins_1.4-6sarge2_amd64.deb\n Size/MD5 checksum: 395950 a5450650d11dddf74e6379165b069308\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins_1.4-6sarge2_arm.deb\n Size/MD5 checksum: 379384 76bcf58893f373e308afa4ec1f10b278\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins_1.4-6sarge2_hppa.deb\n Size/MD5 checksum: 393034 f37e7bcc007c031c593dd77bb1b0cb7d\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins_1.4-6sarge2_i386.deb\n Size/MD5 checksum: 384998 d536fe6fbae4b376325984e3f3739572\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins_1.4-6sarge2_ia64.deb\n Size/MD5 checksum: 644450 e732ba3933eaa34c98d365586dbe84d5\n\nm68k architecture (Motorola Mc680x0)\n\n http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins_1.4-6sarge2_m68k.deb\n Size/MD5 checksum: 336632 5f48a57884094ae79c07f861ff4839f0\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins_1.4-6sarge2_mips.deb\n Size/MD5 checksum: 544968 55a7bb6628e93c37090846f58cafa432\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins_1.4-6sarge2_mipsel.deb\n Size/MD5 checksum: 532950 48493d1a8ddbcd3715fbfba6c9186681\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins_1.4-6sarge2_powerpc.deb\n Size/MD5 checksum: 367814 142d28f8c6aff94a72f6b19d0501f1ac\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins_1.4-6sarge2_s390.deb\n Size/MD5 checksum: 372306 f564fa8e28ec10b7cbbfacffbd9229ab\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins_1.4-6sarge2_sparc.deb\n Size/MD5 checksum: 349258 907911b940ffc915095dadf9c97d5f2c\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 3, "modified": "2008-02-17T14:37:52", "published": "2008-02-17T14:37:52", "id": "DEBIAN:DSA-1495-2:CE213", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2008/msg00061.html", "title": "[SECURITY] [DSA 1495-2] New nagios-plugins packages fix regression", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:24", "bulletinFamily": "software", "cvelist": ["CVE-2007-5623", "CVE-2007-5198"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\nGentoo Linux Security Advisory GLSA 200711-11\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n http://security.gentoo.org/\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n\r\n Severity: High\r\n Title: Nagios Plugins: Two buffer overflows\r\n Date: November 08, 2007\r\n Bugs: #196308, #194178\r\n ID: 200711-11\r\n\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n\r\nSynopsis\r\n========\r\n\r\nTwo buffer overflow vulnerabilities in the Nagios Plugins might allow\r\nfor remote execution of arbitrary code.\r\n\r\nBackground\r\n==========\r\n\r\nThe Nagios Plugins are an official set of plugins for Nagios, an open\r\nsource host, service and network monitoring program.\r\n\r\nAffected packages\r\n=================\r\n\r\n -------------------------------------------------------------------\r\n Package / Vulnerable / Unaffected\r\n -------------------------------------------------------------------\r\n 1 net-analyzer/nagios-plugins < 1.4.10-r1 >= 1.4.10-r1\r\n\r\nDescription\r\n===========\r\n\r\nfabiodds reported a boundary checking error in the "check_snmp" plugin\r\nwhen processing SNMP "GET" replies that could lead to a stack-based\r\nbuffer overflow (CVE-2007-5623). Nobuhiro Ban reported a boundary\r\nchecking error in the redir() function of the "check_http" plugin when\r\nprocessing HTTP "Location:" header information which might lead to a\r\nbuffer overflow (CVE-2007-5198).\r\n\r\nImpact\r\n======\r\n\r\nA remote attacker could exploit these vulnerabilities to execute\r\narbitrary code with the privileges of the user running Nagios or cause\r\na Denial of Service by (1) sending a specially crafted SNMP "GET" reply\r\nto the Nagios daemon or (2) sending an overly long string in the\r\n"Location:" header of an HTTP reply. Note that to exploit (2), the\r\nmalicious or compromised web server has to be configured in Nagios and\r\nthe "-f" (follow) option has to be enabled.\r\n\r\nWorkaround\r\n==========\r\n\r\nThere is no known workaround at this time.\r\n\r\nResolution\r\n==========\r\n\r\nAll users of the Nagios Plugins should upgrade to the latest version:\r\n\r\n # emerge --sync\r\n # emerge -av --oneshot ">=net-analyzer/nagios-plugins-1.4.10-r1"\r\n\r\nReferences\r\n==========\r\n\r\n [ 1 ] CVE-2007-5198\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5198\r\n [ 2 ] CVE-2007-5623\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5623\r\n\r\nAvailability\r\n============\r\n\r\nThis GLSA and any updates to it are available for viewing at\r\nthe Gentoo Security Website:\r\n\r\n http://security.gentoo.org/glsa/glsa-200711-11.xml\r\n\r\nConcerns?\r\n=========\r\n\r\nSecurity is a primary focus of Gentoo Linux and ensuring the\r\nconfidentiality and security of our users machines is of utmost\r\nimportance to us. Any security concerns should be addressed to\r\nsecurity@gentoo.org or alternatively, you may file a bug at\r\nhttp://bugs.gentoo.org.\r\n\r\nLicense\r\n=======\r\n\r\nCopyright 2007 Gentoo Foundation, Inc; referenced text\r\nbelongs to its owner(s).\r\n\r\nThe contents of this document are licensed under the\r\nCreative Commons - Attribution / Share Alike license.\r\n\r\nhttp://creativecommons.org/licenses/by-sa/2.5\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.7 (GNU/Linux)\r\nComment: Using GnuPG with Mozilla - http://enigmail.mozdev.org\r\n\r\niD8DBQFHM2DVuhJ+ozIKI5gRAn38AJ98L27Sde9S5ebhZYWNt+je89v1UACffi8l\r\nCeAHOSuc4Z2xQ9nFp6T8a20=\r\n=IvZ2\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2007-11-14T00:00:00", "published": "2007-11-14T00:00:00", "id": "SECURITYVULNS:DOC:18410", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:18410", "title": "[ GLSA 200711-11 ] Nagios Plugins: Two buffer overflows", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:27", "bulletinFamily": "software", "cvelist": ["CVE-2007-5623", "CVE-2007-5198"], "description": "Buffer overflows in check_snmp and check_http on server reply parsing.", "edition": 1, "modified": "2007-11-14T00:00:00", "published": "2007-11-14T00:00:00", "id": "SECURITYVULNS:VULN:8344", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:8344", "title": "Nagios plugins multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2021-01-01T06:32:54", "description": "fix possible buffer overflow during HTTP Location header parsing in\ncheck_http (CVE-2007-5198) fix possible buffer overflow during snmpget\nparsing in check_snmp (CVE-2007-5623)", "edition": 22, "published": "2007-11-29T00:00:00", "title": "openSUSE 10 Security Update : nagios-plugins (nagios-plugins-4621)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5623", "CVE-2007-5198"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:nagios-plugins-extras", "cpe:/o:novell:opensuse:10.3", "cpe:/o:novell:opensuse:10.2", "p-cpe:/a:novell:opensuse:nagios-plugins", "cpe:/o:novell:opensuse:10.1"], "id": "SUSE_NAGIOS-PLUGINS-4621.NASL", "href": "https://www.tenable.com/plugins/nessus/28356", "sourceData": "if (\n !defined_func(\"nasl_level\") ||\n nasl_level() < 61201 ||\n (nasl_level() >= 70000 && nasl_level() < 70105) ||\n (nasl_level() >= 70200 && nasl_level() < 70203) ||\n (nasl_level() >= 80000 && nasl_level() < 80502)\n ) exit(0);\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update nagios-plugins-4621.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(28356);\n script_version (\"1.9\");\n script_cvs_date(\"Date: 2019/10/24 13:56:42\");\n\n script_cve_id(\"CVE-2007-5198\", \"CVE-2007-5623\");\n\n script_name(english:\"openSUSE 10 Security Update : nagios-plugins (nagios-plugins-4621)\");\n script_summary(english:\"Check for the nagios-plugins-4621 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"fix possible buffer overflow during HTTP Location header parsing in\ncheck_http (CVE-2007-5198) fix possible buffer overflow during snmpget\nparsing in check_snmp (CVE-2007-5623)\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected nagios-plugins packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nagios-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nagios-plugins-extras\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/11/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1|SUSE10\\.2|SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1 / 10.2 / 10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"nagios-plugins-1.4.2-16.6\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"nagios-plugins-extras-1.4.2-16.6\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"nagios-plugins-1.4.5-8\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"nagios-plugins-extras-1.4.5-8\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"nagios-plugins-1.4.9-19.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"nagios-plugins-extras-1.4.9-19.3\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nagios-plugins / nagios-plugins-extras\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T10:52:16", "description": "The remote host is affected by the vulnerability described in GLSA-200711-11\n(Nagios Plugins: Two buffer overflows)\n\n fabiodds reported a boundary checking error in the 'check_snmp' plugin\n when processing SNMP 'GET' replies that could lead to a stack-based\n buffer overflow (CVE-2007-5623). Nobuhiro Ban reported a boundary\n checking error in the redir() function of the 'check_http' plugin when\n processing HTTP 'Location:' header information which might lead to a\n buffer overflow (CVE-2007-5198).\n \nImpact :\n\n A remote attacker could exploit these vulnerabilities to execute\n arbitrary code with the privileges of the user running Nagios or cause\n a Denial of Service by (1) sending a specially crafted SNMP 'GET' reply\n to the Nagios daemon or (2) sending an overly long string in the\n 'Location:' header of an HTTP reply. Note that to exploit (2), the\n malicious or compromised web server has to be configured in Nagios and\n the '-f' (follow) option has to be enabled.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 25, "published": "2007-11-09T00:00:00", "title": "GLSA-200711-11 : Nagios Plugins: Two buffer overflows", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5623", "CVE-2007-5198"], "modified": "2007-11-09T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:nagios-plugins", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-200711-11.NASL", "href": "https://www.tenable.com/plugins/nessus/27846", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200711-11.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27846);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2007-5198\", \"CVE-2007-5623\");\n script_xref(name:\"GLSA\", value:\"200711-11\");\n\n script_name(english:\"GLSA-200711-11 : Nagios Plugins: Two buffer overflows\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200711-11\n(Nagios Plugins: Two buffer overflows)\n\n fabiodds reported a boundary checking error in the 'check_snmp' plugin\n when processing SNMP 'GET' replies that could lead to a stack-based\n buffer overflow (CVE-2007-5623). Nobuhiro Ban reported a boundary\n checking error in the redir() function of the 'check_http' plugin when\n processing HTTP 'Location:' header information which might lead to a\n buffer overflow (CVE-2007-5198).\n \nImpact :\n\n A remote attacker could exploit these vulnerabilities to execute\n arbitrary code with the privileges of the user running Nagios or cause\n a Denial of Service by (1) sending a specially crafted SNMP 'GET' reply\n to the Nagios daemon or (2) sending an overly long string in the\n 'Location:' header of an HTTP reply. Note that to exploit (2), the\n malicious or compromised web server has to be configured in Nagios and\n the '-f' (follow) option has to be enabled.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200711-11\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All users of the Nagios Plugins should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-analyzer/nagios-plugins-1.4.10-r1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:nagios-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-analyzer/nagios-plugins\", unaffected:make_list(\"ge 1.4.10-r1\"), vulnerable:make_list(\"lt 1.4.10-r1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Nagios Plugins\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T06:32:54", "description": "fix possible buffer overflow during HTTP Location header parsing in\ncheck_http (CVE-2007-5198) fix possible buffer overflow during snmpget\nparsing in check_snmp. (CVE-2007-5623)", "edition": 22, "published": "2007-12-13T00:00:00", "title": "SuSE 10 Security Update : nagios plugins (ZYPP Patch Number 4624)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5623", "CVE-2007-5198"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_NAGIOS-PLUGINS-4624.NASL", "href": "https://www.tenable.com/plugins/nessus/29526", "sourceData": "if (\n !defined_func(\"nasl_level\") ||\n nasl_level() < 61201 ||\n (nasl_level() >= 70000 && nasl_level() < 70105) ||\n (nasl_level() >= 70200 && nasl_level() < 70203) ||\n (nasl_level() >= 80000 && nasl_level() < 80502)\n ) exit(0);\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(29526);\n script_version (\"1.12\");\n script_cvs_date(\"Date: 2019/10/24 13:56:42\");\n\n script_cve_id(\"CVE-2007-5198\", \"CVE-2007-5623\");\n\n script_name(english:\"SuSE 10 Security Update : nagios plugins (ZYPP Patch Number 4624)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"fix possible buffer overflow during HTTP Location header parsing in\ncheck_http (CVE-2007-5198) fix possible buffer overflow during snmpget\nparsing in check_snmp. (CVE-2007-5623)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-5198.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-5623.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 4624.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"nagios-plugins-1.4.5-16.13\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"nagios-plugins-extras-1.4.5-16.13\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T14:02:13", "description": "fix possible buffer overflow during HTTP Location header parsing in\ncheck_http (CVE-2007-5198) fix possible buffer overflow during snmpget\nparsing in check_snmp. (CVE-2007-5623)", "edition": 23, "published": "2009-09-24T00:00:00", "title": "SuSE9 Security Update : nagios plugins (YOU Patch Number 11953)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5623", "CVE-2007-5198"], "modified": "2009-09-24T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE9_11953.NASL", "href": "https://www.tenable.com/plugins/nessus/41162", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(41162);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-5198\", \"CVE-2007-5623\");\n\n script_name(english:\"SuSE9 Security Update : nagios plugins (YOU Patch Number 11953)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 9 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"fix possible buffer overflow during HTTP Location header parsing in\ncheck_http (CVE-2007-5198) fix possible buffer overflow during snmpget\nparsing in check_snmp. (CVE-2007-5623)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-5198.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-5623.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply YOU patch number 11953.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/11/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 9 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SUSE9\", reference:\"nagios-plugins-1.3.1-270.13\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"nagios-plugins-extras-1.3.1-270.13\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:06:07", "description": " - Fri Oct 26 2007 Mike McGrath <mmcgrath at redhat.com>\n 1.4.8-9\n\n - Fix for Bug 348731 and CVE-2007-5623\n\n - Wed Aug 22 2007 Mike McGrath <mmcgrath at redhat.com>\n 1.4.8-7\n\n - Rebuild for BuildID\n\n - License change\n\n - Fri Aug 10 2007 Mike McGrath <mmcgrath at redhat.com>\n 1.4.8-6\n\n - Fix for check_linux_raid - #234416\n\n - Fix for check_ide_disk - #251635\n\n - Tue Aug 7 2007 Mike McGrath <mmcgrath at redhat.com>\n 1.4.8-2\n\n - Fix for check_smtp - #251049\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2007-11-06T00:00:00", "title": "Fedora 7 : nagios-plugins-1.4.8-9.fc7 (2007-2713)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5623"], "modified": "2007-11-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:nagios-plugins-ssh", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-linux_raid", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-by_ssh", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-breeze", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-dhcp", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-mrtg", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-snmp", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-http", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-swap", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-oracle", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-ntp", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-debuginfo", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-icmp", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-real", "cpe:/o:fedoraproject:fedora:7", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-game", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-ldap", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-ifoperstatus", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-ifstatus", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-sensors", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-ircd", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-overcr", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-dns", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-rpc", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-dig", "p-cpe:/a:fedoraproject:fedora:nagios-plugins", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-mailq", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-ide_smart", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-mysql", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-nwstat", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-nagios", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-all", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-users", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-mrtgtraf", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-perl", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-radius", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-wave", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-dummy", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-log", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-smtp", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-tcp", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-ups", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-disk_smb", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-fping", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-time", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-procs", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-nt", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-load", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-ping", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-udp", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-hpjd", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-flexlm", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-pgsql", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-file_age", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-apt", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-disk"], "id": "FEDORA_2007-2713.NASL", "href": "https://www.tenable.com/plugins/nessus/27795", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2007-2713.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27795);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2007-5623\");\n script_bugtraq_id(26215);\n script_xref(name:\"FEDORA\", value:\"2007-2713\");\n\n script_name(english:\"Fedora 7 : nagios-plugins-1.4.8-9.fc7 (2007-2713)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Fri Oct 26 2007 Mike McGrath <mmcgrath at redhat.com>\n 1.4.8-9\n\n - Fix for Bug 348731 and CVE-2007-5623\n\n - Wed Aug 22 2007 Mike McGrath <mmcgrath at redhat.com>\n 1.4.8-7\n\n - Rebuild for BuildID\n\n - License change\n\n - Fri Aug 10 2007 Mike McGrath <mmcgrath at redhat.com>\n 1.4.8-6\n\n - Fix for check_linux_raid - #234416\n\n - Fix for check_ide_disk - #251635\n\n - Tue Aug 7 2007 Mike McGrath <mmcgrath at redhat.com>\n 1.4.8-2\n\n - Fix for check_smtp - #251049\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=348731\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2007-November/004414.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?75b4df62\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-apt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-breeze\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-by_ssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-dhcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-dig\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-disk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-disk_smb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-dns\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-dummy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-file_age\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-flexlm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-fping\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-game\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-hpjd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-http\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-icmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-ide_smart\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-ifoperstatus\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-ifstatus\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-ircd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-linux_raid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-load\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-log\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-mailq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-mrtg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-mrtgtraf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-nagios\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-nt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-nwstat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-overcr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-ping\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-procs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-radius\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-real\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-rpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-sensors\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-smtp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-ssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-swap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-tcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-time\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-udp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-ups\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-users\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-wave\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/11/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 7.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC7\", reference:\"nagios-plugins-1.4.8-9.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"nagios-plugins-all-1.4.8-9.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"nagios-plugins-apt-1.4.8-9.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"nagios-plugins-breeze-1.4.8-9.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"nagios-plugins-by_ssh-1.4.8-9.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"nagios-plugins-debuginfo-1.4.8-9.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"nagios-plugins-dhcp-1.4.8-9.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"nagios-plugins-dig-1.4.8-9.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"nagios-plugins-disk-1.4.8-9.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"nagios-plugins-disk_smb-1.4.8-9.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"nagios-plugins-dns-1.4.8-9.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"nagios-plugins-dummy-1.4.8-9.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"nagios-plugins-file_age-1.4.8-9.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"nagios-plugins-flexlm-1.4.8-9.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"nagios-plugins-fping-1.4.8-9.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"nagios-plugins-game-1.4.8-9.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"nagios-plugins-hpjd-1.4.8-9.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"nagios-plugins-http-1.4.8-9.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"nagios-plugins-icmp-1.4.8-9.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"nagios-plugins-ide_smart-1.4.8-9.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"nagios-plugins-ifoperstatus-1.4.8-9.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"nagios-plugins-ifstatus-1.4.8-9.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"nagios-plugins-ircd-1.4.8-9.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"nagios-plugins-ldap-1.4.8-9.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"nagios-plugins-linux_raid-1.4.8-9.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"nagios-plugins-load-1.4.8-9.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"nagios-plugins-log-1.4.8-9.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"nagios-plugins-mailq-1.4.8-9.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"nagios-plugins-mrtg-1.4.8-9.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"nagios-plugins-mrtgtraf-1.4.8-9.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"nagios-plugins-mysql-1.4.8-9.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"nagios-plugins-nagios-1.4.8-9.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"nagios-plugins-nt-1.4.8-9.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"nagios-plugins-ntp-1.4.8-9.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"nagios-plugins-nwstat-1.4.8-9.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"nagios-plugins-oracle-1.4.8-9.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"nagios-plugins-overcr-1.4.8-9.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"nagios-plugins-perl-1.4.8-9.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"nagios-plugins-pgsql-1.4.8-9.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"nagios-plugins-ping-1.4.8-9.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"nagios-plugins-procs-1.4.8-9.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"nagios-plugins-radius-1.4.8-9.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"nagios-plugins-real-1.4.8-9.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"nagios-plugins-rpc-1.4.8-9.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"nagios-plugins-sensors-1.4.8-9.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"nagios-plugins-smtp-1.4.8-9.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"nagios-plugins-snmp-1.4.8-9.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"nagios-plugins-ssh-1.4.8-9.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"nagios-plugins-swap-1.4.8-9.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"nagios-plugins-tcp-1.4.8-9.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"nagios-plugins-time-1.4.8-9.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"nagios-plugins-udp-1.4.8-9.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"nagios-plugins-ups-1.4.8-9.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"nagios-plugins-users-1.4.8-9.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"nagios-plugins-wave-1.4.8-9.fc7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nagios-plugins / nagios-plugins-all / nagios-plugins-apt / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:06:08", "description": " - Fri Oct 26 2007 Mike McGrath <mmcgrath at redhat.com>\n 1.4.8-9\n\n - Fix for Bug 348731 and CVE-2007-5623\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2007-11-07T00:00:00", "title": "Fedora 8 : nagios-plugins-1.4.8-9.fc8 (2007-2876)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5623"], "modified": "2007-11-07T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:nagios-plugins-ssh", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-linux_raid", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-by_ssh", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-breeze", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-dhcp", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-mrtg", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-snmp", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-http", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-swap", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-oracle", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-ntp", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-debuginfo", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-icmp", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-real", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-game", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-ldap", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-ifoperstatus", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-ifstatus", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-sensors", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-ircd", "cpe:/o:fedoraproject:fedora:8", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-overcr", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-dns", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-rpc", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-dig", "p-cpe:/a:fedoraproject:fedora:nagios-plugins", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-mailq", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-ide_smart", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-mysql", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-nwstat", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-nagios", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-all", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-users", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-mrtgtraf", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-perl", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-radius", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-wave", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-dummy", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-log", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-smtp", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-tcp", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-ups", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-disk_smb", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-fping", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-time", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-procs", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-nt", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-load", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-ping", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-udp", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-hpjd", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-flexlm", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-pgsql", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-file_age", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-apt", "p-cpe:/a:fedoraproject:fedora:nagios-plugins-disk"], "id": "FEDORA_2007-2876.NASL", "href": "https://www.tenable.com/plugins/nessus/27811", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2007-2876.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27811);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2007-5623\");\n script_xref(name:\"FEDORA\", value:\"2007-2876\");\n\n script_name(english:\"Fedora 8 : nagios-plugins-1.4.8-9.fc8 (2007-2876)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Fri Oct 26 2007 Mike McGrath <mmcgrath at redhat.com>\n 1.4.8-9\n\n - Fix for Bug 348731 and CVE-2007-5623\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=348731\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2007-November/004543.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cb1dcbd3\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-apt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-breeze\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-by_ssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-dhcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-dig\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-disk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-disk_smb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-dns\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-dummy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-file_age\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-flexlm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-fping\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-game\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-hpjd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-http\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-icmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-ide_smart\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-ifoperstatus\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-ifstatus\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-ircd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-linux_raid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-load\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-log\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-mailq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-mrtg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-mrtgtraf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-nagios\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-nt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-ntp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-nwstat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-overcr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-ping\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-procs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-radius\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-real\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-rpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-sensors\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-smtp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-ssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-swap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-tcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-time\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-udp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-ups\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-users\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins-wave\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:8\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/11/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 8.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC8\", reference:\"nagios-plugins-1.4.8-9.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"nagios-plugins-all-1.4.8-9.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"nagios-plugins-apt-1.4.8-9.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"nagios-plugins-breeze-1.4.8-9.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"nagios-plugins-by_ssh-1.4.8-9.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"nagios-plugins-debuginfo-1.4.8-9.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"nagios-plugins-dhcp-1.4.8-9.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"nagios-plugins-dig-1.4.8-9.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"nagios-plugins-disk-1.4.8-9.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"nagios-plugins-disk_smb-1.4.8-9.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"nagios-plugins-dns-1.4.8-9.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"nagios-plugins-dummy-1.4.8-9.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"nagios-plugins-file_age-1.4.8-9.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"nagios-plugins-flexlm-1.4.8-9.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"nagios-plugins-fping-1.4.8-9.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"nagios-plugins-game-1.4.8-9.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"nagios-plugins-hpjd-1.4.8-9.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"nagios-plugins-http-1.4.8-9.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"nagios-plugins-icmp-1.4.8-9.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"nagios-plugins-ide_smart-1.4.8-9.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"nagios-plugins-ifoperstatus-1.4.8-9.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"nagios-plugins-ifstatus-1.4.8-9.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"nagios-plugins-ircd-1.4.8-9.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"nagios-plugins-ldap-1.4.8-9.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"nagios-plugins-linux_raid-1.4.8-9.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"nagios-plugins-load-1.4.8-9.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"nagios-plugins-log-1.4.8-9.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"nagios-plugins-mailq-1.4.8-9.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"nagios-plugins-mrtg-1.4.8-9.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"nagios-plugins-mrtgtraf-1.4.8-9.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"nagios-plugins-mysql-1.4.8-9.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"nagios-plugins-nagios-1.4.8-9.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"nagios-plugins-nt-1.4.8-9.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"nagios-plugins-ntp-1.4.8-9.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"nagios-plugins-nwstat-1.4.8-9.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"nagios-plugins-oracle-1.4.8-9.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"nagios-plugins-overcr-1.4.8-9.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"nagios-plugins-perl-1.4.8-9.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"nagios-plugins-pgsql-1.4.8-9.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"nagios-plugins-ping-1.4.8-9.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"nagios-plugins-procs-1.4.8-9.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"nagios-plugins-radius-1.4.8-9.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"nagios-plugins-real-1.4.8-9.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"nagios-plugins-rpc-1.4.8-9.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"nagios-plugins-sensors-1.4.8-9.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"nagios-plugins-smtp-1.4.8-9.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"nagios-plugins-snmp-1.4.8-9.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"nagios-plugins-ssh-1.4.8-9.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"nagios-plugins-swap-1.4.8-9.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"nagios-plugins-tcp-1.4.8-9.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"nagios-plugins-time-1.4.8-9.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"nagios-plugins-udp-1.4.8-9.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"nagios-plugins-ups-1.4.8-9.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"nagios-plugins-users-1.4.8-9.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"nagios-plugins-wave-1.4.8-9.fc8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nagios-plugins / nagios-plugins-all / nagios-plugins-apt / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T10:45:43", "description": "A Secunia Advisory reports :\n\nThe vulnerability is caused due to a boundary error within the redir()\nfunction in check_http.c when processing HTTP Location : header\ninformation. This can be exploited to cause a buffer overflow by\nreturning an overly long string in the 'Location:' header to a\nvulnerable system.", "edition": 26, "published": "2007-10-15T00:00:00", "title": "FreeBSD : nagios-plugins -- Long Location Header Buffer Overflow Vulnerability (7453c85d-7830-11dc-b4c8-0016179b2dd5)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5198"], "modified": "2007-10-15T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:nagios-plugins"], "id": "FREEBSD_PKG_7453C85D783011DCB4C80016179B2DD5.NASL", "href": "https://www.tenable.com/plugins/nessus/27044", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27044);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2007-5198\");\n script_xref(name:\"Secunia\", value:\"27124\");\n\n script_name(english:\"FreeBSD : nagios-plugins -- Long Location Header Buffer Overflow Vulnerability (7453c85d-7830-11dc-b4c8-0016179b2dd5)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A Secunia Advisory reports :\n\nThe vulnerability is caused due to a boundary error within the redir()\nfunction in check_http.c when processing HTTP Location : header\ninformation. This can be exploited to cause a buffer overflow by\nreturning an overly long string in the 'Location:' header to a\nvulnerable system.\"\n );\n # http://sourceforge.net/forum/forum.php?forum_id=740172\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://sourceforge.net/p/legacy_/forum/forum.php?forum_id=740172\"\n );\n # https://vuxml.freebsd.org/freebsd/7453c85d-7830-11dc-b4c8-0016179b2dd5.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?32eb7207\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:nagios-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/09/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"nagios-plugins<1.4.10,1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:06:29", "description": "Upstream released a new version. This also fixes CVE-2007-5198\n(#315101).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2008-04-18T00:00:00", "title": "Fedora 8 : nagios-plugins-1.4.11-2.fc8 (2008-3061)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5198"], "modified": "2008-04-18T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:8", "p-cpe:/a:fedoraproject:fedora:nagios-plugins"], "id": "FEDORA_2008-3061.NASL", "href": "https://www.tenable.com/plugins/nessus/31975", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-3061.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31975);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2007-5198\");\n script_bugtraq_id(25952);\n script_xref(name:\"FEDORA\", value:\"2008-3061\");\n\n script_name(english:\"Fedora 8 : nagios-plugins-1.4.11-2.fc8 (2008-3061)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Upstream released a new version. This also fixes CVE-2007-5198\n(#315101).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=315101\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-April/009274.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a6721617\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected nagios-plugins package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:8\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/04/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 8.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC8\", reference:\"nagios-plugins-1.4.11-2.fc8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nagios-plugins\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:06:29", "description": "Upstream released a new version. This also fixes CVE-2007-5198\n(#315101).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2008-04-18T00:00:00", "title": "Fedora 7 : nagios-plugins-1.4.11-2.fc7 (2008-3146)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5198"], "modified": "2008-04-18T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:7", "p-cpe:/a:fedoraproject:fedora:nagios-plugins"], "id": "FEDORA_2008-3146.NASL", "href": "https://www.tenable.com/plugins/nessus/31981", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-3146.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31981);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2007-5198\");\n script_bugtraq_id(25952);\n script_xref(name:\"FEDORA\", value:\"2008-3146\");\n\n script_name(english:\"Fedora 7 : nagios-plugins-1.4.11-2.fc7 (2008-3146)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Upstream released a new version. This also fixes CVE-2007-5198\n(#315101).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=315101\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-April/009345.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?16bc57c3\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected nagios-plugins package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nagios-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/04/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 7.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC7\", reference:\"nagios-plugins-1.4.11-2.fc7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nagios-plugins\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T15:44:05", "description": "Nobuhiro Ban discovered that check_http in nagios-plugins did not\nproperly sanitize its input when following redirection requests. A\nmalicious remote web server could cause a denial of service or\npossibly execute arbitrary code as the user. (CVE-2007-5198)\n\nAravind Gottipati discovered that sslutils.c in nagios-plugins did not\nproperly reset pointers to NULL. A malicious remote web server could\ncause a denial of service.\n\nAravind Gottipati discovered that check_http in nagios-plugins did not\nproperly calculate how much memory to reallocate when following\nredirection requests. A malicious remote web server could cause a\ndenial of service.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2007-11-10T00:00:00", "title": "Ubuntu 6.06 LTS : nagios-plugins vulnerability (USN-532-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5198"], "modified": "2007-11-10T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:nagios-plugins", "p-cpe:/a:canonical:ubuntu_linux:nagios-plugins-basic", "p-cpe:/a:canonical:ubuntu_linux:nagios-plugins-standard", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts"], "id": "UBUNTU_USN-532-1.NASL", "href": "https://www.tenable.com/plugins/nessus/28138", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-532-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(28138);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2007-5198\");\n script_xref(name:\"USN\", value:\"532-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS : nagios-plugins vulnerability (USN-532-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Nobuhiro Ban discovered that check_http in nagios-plugins did not\nproperly sanitize its input when following redirection requests. A\nmalicious remote web server could cause a denial of service or\npossibly execute arbitrary code as the user. (CVE-2007-5198)\n\nAravind Gottipati discovered that sslutils.c in nagios-plugins did not\nproperly reset pointers to NULL. A malicious remote web server could\ncause a denial of service.\n\nAravind Gottipati discovered that check_http in nagios-plugins did not\nproperly calculate how much memory to reallocate when following\nredirection requests. A malicious remote web server could cause a\ndenial of service.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/532-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected nagios-plugins, nagios-plugins-basic and / or\nnagios-plugins-standard packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:nagios-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:nagios-plugins-basic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:nagios-plugins-standard\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/10/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(6\\.06)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"nagios-plugins\", pkgver:\"1.4.2-5ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"nagios-plugins-basic\", pkgver:\"1.4.2-5ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"nagios-plugins-standard\", pkgver:\"1.4.2-5ubuntu3.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nagios-plugins / nagios-plugins-basic / nagios-plugins-standard\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2007-5198", "CVE-2007-5623"], "description": " Nagios is a program that will monitor hosts and services on your network, and to email or page you when a problem arises or is resolved. Nagios runs on a Unix server as a background or daemon process, intermittently running checks on various services that you specify. The actual service checks are performed by separate \"plugin\" programs which return the status of the checks to Nagios. This package contains those plugins. ", "modified": "2008-04-17T03:54:34", "published": "2008-04-17T03:54:34", "id": "FEDORA:M3H46GNI015181", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 7 Update: nagios-plugins-1.4.11-2.fc7", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2007-5198", "CVE-2007-5623"], "description": " Nagios is a program that will monitor hosts and services on your network, and to email or page you when a problem arises or is resolved. Nagios runs on a Unix server as a background or daemon process, intermittently running checks on various services that you specify. The actual service checks are performed by separate \"plugin\" programs which return the status of the checks to Nagios. This package contains those plugins. ", "modified": "2008-04-17T03:48:55", "published": "2008-04-17T03:48:55", "id": "FEDORA:M3H40KDM014494", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 8 Update: nagios-plugins-1.4.11-2.fc8", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:48", "bulletinFamily": "unix", "cvelist": ["CVE-2007-5623"], "description": " Nagios is a program that will monitor hosts and services on your network, and to email or page you when a problem arises or is resolved. Nagios runs on a Unix server as a background or daemon process, intermittently running checks on various services that you specify. The actual service checks are performed by separate \"plugin\" programs which return the status of the checks to Nagios. This package contains those plugins. ", "modified": "2007-11-01T21:14:12", "published": "2007-11-01T21:14:12", "id": "FEDORA:LA1LE8DW030830", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 7 Update: nagios-plugins-1.4.8-9.fc7", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:48", "bulletinFamily": "unix", "cvelist": ["CVE-2007-5623"], "description": " Nagios is a program that will monitor hosts and services on your network, and to email or page you when a problem arises or is resolved. Nagios runs on a Unix server as a background or daemon process, intermittently running checks on various services that you specify. The actual service checks are performed by separate \"plugin\" programs which return the status of the checks to Nagios. This package contains those plugins. ", "modified": "2007-11-06T16:13:15", "published": "2007-11-06T16:13:15", "id": "FEDORA:LA6GDBGW005581", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 8 Update: nagios-plugins-1.4.8-9.fc8", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2007-5198"], "description": "Nagios is a program that will monitor hosts and services on your network. It has the ability to send email or page alerts when a problem arises and when a problem is resolved. Nagios is written in C and is designed to run under Linux (and some other *NIX variants) as a background process, intermittently running checks on various services that you specify. The actual service checks are performed by separate \"plugin\" programs which return the status of the checks to Nagios. The plugins are available at http://sourceforge.net/projects/nagiosplug. This package provides the core program, web interface, and documentation files for Nagios. Development files are built as a separate package. ", "modified": "2008-04-17T03:52:13", "published": "2008-04-17T03:52:13", "id": "FEDORA:M3H44B5J014924", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 8 Update: nagios-2.11-3.fc8", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2019-07-14T14:43:24", "bulletinFamily": "unix", "cvelist": ["CVE-2007-5623"], "description": "This update adds monitoring-plugins to PackageHub 15, for use by various\n monitoring solutions.\n\n", "edition": 1, "modified": "2019-07-14T12:11:36", "published": "2019-07-14T12:11:36", "id": "OPENSUSE-SU-2019:1702-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00011.html", "title": "Security update for monitoring-plugins (moderate)", "type": "suse", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "ubuntu": [{"lastseen": "2020-07-09T00:29:32", "bulletinFamily": "unix", "cvelist": ["CVE-2007-5198"], "description": "Nobuhiro Ban discovered that check_http in nagios-plugins did \nnot properly sanitize its input when following redirection \nrequests. A malicious remote web server could cause a denial \nof service or possibly execute arbitrary code as the user. \n(CVE-2007-5198)\n\nAravind Gottipati discovered that sslutils.c in nagios-plugins \ndid not properly reset pointers to NULL. A malicious remote web \nserver could cause a denial of service.\n\nAravind Gottipati discovered that check_http in nagios-plugins \ndid not properly calculate how much memory to reallocate when \nfollowing redirection requests. A malicious remote web server \ncould cause a denial of service.", "edition": 5, "modified": "2007-10-22T00:00:00", "published": "2007-10-22T00:00:00", "id": "USN-532-1", "href": "https://ubuntu.com/security/notices/USN-532-1", "title": "nagios-plugins vulnerability", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2019-05-29T18:34:32", "bulletinFamily": "unix", "cvelist": ["CVE-2007-5198"], "description": "\nA Secunia Advisory reports:\n\nThe vulnerability is caused due to a boundary error within the\n\t redir() function in check_http.c when processing HTTP Location:\n\t header information. This can be exploited to cause a buffer overflow\n\t by returning an overly long string in the \"Location:\" header to a\n\t vulnerable system.\n\n", "edition": 4, "modified": "2007-09-28T00:00:00", "published": "2007-09-28T00:00:00", "id": "7453C85D-7830-11DC-B4C8-0016179B2DD5", "href": "https://vuxml.freebsd.org/freebsd/7453c85d-7830-11dc-b4c8-0016179b2dd5.html", "title": "nagios-plugins -- Long Location Header Buffer Overflow Vulnerability", "type": "freebsd", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "exploitdb": [{"lastseen": "2016-02-03T12:47:55", "description": "Nagios Plugins 1.4.2/1.4.9 Location Header Remote Buffer Overflow Vulnerability. CVE-2007-5198. Dos exploit for linux platform", "published": "2007-07-16T00:00:00", "type": "exploitdb", "title": "Nagios Plugins 1.4.2/1.4.9 Location Header Remote Buffer Overflow Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2007-5198"], "modified": "2007-07-16T00:00:00", "id": "EDB-ID:30646", "href": "https://www.exploit-db.com/exploits/30646/", "sourceData": "source: http://www.securityfocus.com/bid/25952/info\r\n\r\nNagios Plugins are prone to a remote buffer-overflow vulnerability because the software fails to properly bounds-check user-supplied data before copying it to an insufficiently sized buffer.\r\n\r\nExploiting this issue allows attackers to execute arbitrary machine code in the context of users running the affected software.\r\n\r\nThis issue affects Nagios Plugins 1.4.9; other versions may also be vulnerable. \r\n\r\nLocation: htttttttttttttttttttttttttttttttttttttttttttp://example.com/\r\n\r\nLocation: http://example.com:1234567890123456789012345678901234567890/\r\n\r\nLocation:\r\nhttp://tooooooooooooooooooooooooooooooooooooooooooooooooooo.loooooooooooooo\r\noooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooong.looooooooo\r\nooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooong.loooo\r\noooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooong.\r\nloooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo\r\noong.looooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo\r\nooooooong.loooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo\r\noooooooooooong.host-name.example.com/ ", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/30646/"}]}
