Metric | Value |
---|---|
CVSS2 score | 6.8 Medium |
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
CVSS2 vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
EPSS score | 0.021 Low |
EPSS percentile | 89.0% |

Buffer overflow in the redir function in check_http.c in Nagios Plugins
before 1.4.10, when running with the -f (follow) option, allows remote web
servers to execute arbitrary code via Location header responses (redirects)
with a large number of leading “L” characters.
Author | Note |
---|---|
jdstrand | supplied debdiff in LP doesn’t address (fixed in CVS before 1.4.11) http://sourceforge.net/tracker/index.php?func=detail&aid=1813346&group_id=29880&atid=397597 also has two DoS: http://sourceforge.net/tracker/index.php?func=detail&aid=1729692&group_id=29880&atid=397597 http://nagiosplug.cvs.sourceforge.net/nagiosplug/nagiosplug/plugins/sslutils.c?r1=1.3&r2=1.4 (no bug report, see the changelog) |
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 6.06 | noarch | nagios-plugins | < 1.4.2-5ubuntu3.1 | UNKNOWN |
ubuntu | 6.10 | noarch | nagios-plugins | < 1.4.3.0cvs.20060707-3ubuntu0.1 | UNKNOWN |
ubuntu | 7.04 | noarch | nagios-plugins | < 1.4.5-2ubuntu0.1 | UNKNOWN |
ubuntu | 7.10 | noarch | nagios-plugins | < 1.4.8-2.1ubuntu1.1 | UNKNOWN |