Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2007-5198
HistoryOct 04, 2007 - 12:00 a.m.

CVE-2007-5198

2007-10-0400:00:00
ubuntu.com
ubuntu.com
7

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.021 Low

EPSS

Percentile

89.0%

JSON

Buffer overflow in the redir function in check_http.c in Nagios Plugins
before 1.4.10, when running with the -f (follow) option, allows remote web
servers to execute arbitrary code via Location header responses (redirects)
with a large number of leading “L” characters.

Bugs

Notes

Author Note
jdstrand supplied debdiff in LP doesn’t address (fixed in CVS before 1.4.11) http://sourceforge.net/tracker/index.php?func=detail&aid=1813346&group_id=29880&atid=397597 also has two DoS: http://sourceforge.net/tracker/index.php?func=detail&aid=1729692&group_id=29880&atid=397597 http://nagiosplug.cvs.sourceforge.net/nagiosplug/nagiosplug/plugins/sslutils.c?r1=1.3&r2=1.4 (no bug report, see the changelog)
OSVersionArchitecturePackageVersionFilename
ubuntu6.06noarchnagios-plugins< 1.4.2-5ubuntu3.1UNKNOWN
ubuntu6.10noarchnagios-plugins< 1.4.3.0cvs.20060707-3ubuntu0.1UNKNOWN
ubuntu7.04noarchnagios-plugins< 1.4.5-2ubuntu0.1UNKNOWN
ubuntu7.10noarchnagios-plugins< 1.4.8-2.1ubuntu1.1UNKNOWN

Related

nessus 10
freebsd 1
openvas 20
ubuntu 1
fedora 3
cvelist 1
prion 1
cve 1
osv 1
securityvulns 2
gentoo 1
debian 2
nessus
nessus
Ubuntu 6.06 LTS : nagios-plugins vulnerability (USN-532-1)
2007-11-10 00:00:00
Fedora 7 : nagios-plugins-1.4.11-2.fc7 (2008-3146)
2008-04-18 00:00:00
Fedora 8 : nagios-plugins-1.4.11-2.fc8 (2008-3061)
2008-04-18 00:00:00
freebsd
freebsd
nagios-plugins -- Long Location Header Buffer Overflow Vulnerability
2007-09-28 00:00:00
openvas
openvas
Fedora Update for nagios FEDORA-2008-3098
2009-02-17 00:00:00
Fedora Update for nagios FEDORA-2008-3098
2009-02-17 00:00:00
Ubuntu: Security Advisory (USN-532-1)
2009-03-23 00:00:00
ubuntu
ubuntu
nagios-plugins vulnerability
2007-10-22 00:00:00
fedora
fedora
[SECURITY] Fedora 8 Update: nagios-2.11-3.fc8
2008-04-17 03:52:13
[SECURITY] Fedora 7 Update: nagios-plugins-1.4.11-2.fc7
2008-04-17 03:54:34
[SECURITY] Fedora 8 Update: nagios-plugins-1.4.11-2.fc8
2008-04-17 03:48:55
cvelist
cvelist
CVE-2007-5198
2007-10-04 17:00:00
prion
prion
Buffer overflow
2007-10-04 17:17:00
cve
cve
CVE-2007-5198
2007-10-04 17:17:00
osv
osv
nagios-plugins - several
2008-02-12 00:00:00
securityvulns
securityvulns
Nagios plugins multiple security vulnerabilities
2007-11-14 00:00:00
[ GLSA 200711-11 ] Nagios Plugins: Two buffer overflows
2007-11-14 00:00:00
gentoo
gentoo
Nagios Plugins: Two buffer overflows
2007-11-08 00:00:00
debian
debian
[SECURITY] [DSA 1495-1] New nagios-plugins packages fix several vulnerabilities
2008-02-12 22:48:31
[SECURITY] [DSA 1495-2] New nagios-plugins packages fix regression
2008-02-17 14:37:52

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.021 Low

EPSS

Percentile

89.0%

JSON
Related for UB:CVE-2007-5198
nessus10freebsd1openvas20ubuntu1fedora3cvelist1prion1cve1osv1securityvulns2gentoo1debian2