USN-532-1: nagios-plugins vulnerability

22 October 2007

nagios-plugins vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 6.06 LTS

Software Description

  • nagios-plugins

Details

Nobuhiro Ban discovered that check_http in nagios-plugins did not properly sanitize its input when following redirection requests. A malicious remote web server could cause a denial of service or possibly execute arbitrary code as the user. (CVE-2007-5198)

Aravind Gottipati discovered that sslutils.c in nagios-plugins did not properly reset pointers to NULL. A malicious remote web server could cause a denial of service.

Aravind Gottipati discovered that check_http in nagios-plugins did not properly calculate how much memory to reallocate when following redirection requests. A malicious remote web server could cause a denial of service.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 6.06 LTS
nagios-plugins - 1.4.2-5ubuntu3.1
nagios-plugins-basic - 1.4.2-5ubuntu3.1
nagios-plugins-standard - 1.4.2-5ubuntu3.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system upgrade is sufficient to effect the necessary changes.
