Lucene search
UbuntuUSN-287-1HistoryMay 29, 2006 - 12:00 a.m.
Nagios vulnerability
2006-05-2900:00:00
ubuntu.com
33
Releases
- Ubuntu 5.10
- Ubuntu 5.04
Details
The nagios CGI scripts did not sufficiently check the validity of the
HTTP Content-Length attribute. By sending a specially crafted HTTP
request with an invalidly large Content-Length value to the Nagios
server, a remote attacker could exploit this to execute arbitrary code
with web server privileges.
Please note that the Apache 2 web server already checks for valid
Content-Length values, so installations using Apache 2 (the only web
server officially supported in Ubuntu) are not vulnerable to this
flaw.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 5.10 | noarch | nagios-common | < * | UNKNOWN |
| Ubuntu | 5.04 | noarch | nagios-common | < * | UNKNOWN |
References
Related
cve
cve
CVE-2006-2489
2006-05-19 23:02:00
nessus
nessus
Ubuntu 5.04 / 5.10 : nagios vulnerability (USN-287-1)
2006-05-29 00:00:00
Debian DSA-1072-1 : nagios - buffer overflow
2006-10-14 00:00:00
GLSA-200605-07 : Nagios: Buffer overflow
2006-05-13 00:00:00
cvelist
cvelist
CVE-2006-2489
2006-05-19 23:00:00
openvas
openvas
Debian Security Advisory DSA 1072-1 (nagios)
2008-01-17 00:00:00
Debian: Security Advisory (DSA-1072-1)
2008-01-17 00:00:00
ubuntucve
ubuntucve
CVE-2006-2489
2006-05-19 00:00:00
gentoo
gentoo
Nagios: Buffer overflow
2006-05-07 00:00:00
debian
debian
[SECURITY] [DSA 1072-1] New Nagios packages fix arbitrary code execution
2006-05-22 15:04:00
[SECURITY] [DSA 1072-1] New Nagios packages fix arbitrary code execution
2006-05-22 15:04:00
prion
prion
Integer overflow
2006-05-19 23:02:00
osv
osv
nagios - buffer overflow
2006-05-22 00:00:00