nagios-plugins vulnerability

2007-10-22T00:00:00
ID USN-532-1
Type ubuntu
Reporter Ubuntu
Modified 2007-10-22T00:00:00

Description

Nobuhiro Ban discovered that check_http in nagios-plugins did not properly sanitize its input when following redirection requests. A malicious remote web server could cause a denial of service or possibly execute arbitrary code as the user. (CVE-2007-5198)

Aravind Gottipati discovered that sslutils.c in nagios-plugins did not properly reset pointers to NULL. A malicious remote web server could cause a denial of service.

Aravind Gottipati discovered that check_http in nagios-plugins did not properly calculate how much memory to reallocate when following redirection requests. A malicious remote web server could cause a denial of service.