Bug#366683: [sf@sfritsch.de: [Pkg-nagios-devel] Bug#366683: CVE-2006-2162: Buffer overflow in nagios]

sean finney seanius at debian.org
Wed May 10 15:28:11 UTC 2006

hi ethan,

any care to comment on this?  i'm really swamped right now and just
spent all of last weekend fixing 4 CVE's for mysql, so i would really
appreciate it if you (or someone else on the list) could forward
my the relevant patch from the 1.x branch if/when it exists so we
can prepare an update for the debian sarge and woody packages.


----- Forwarded message from Stefan Fritsch <sf at sfritsch.de> -----

Date: Wed, 10 May 2006 13:23:59 +0200 (CEST)
From: Stefan Fritsch <sf at sfritsch.de>
To: submit at bugs.debian.org
Subject: [Pkg-nagios-devel] Bug#366683: CVE-2006-2162: Buffer overflow in

Package: nagios2
Severity: grave
Justification: user security hole
Tags: security

Buffer overflow in CGI scripts in Nagios 1.x before 1.4 and 2.x before
2.3 allows remote attackers to execute arbitrary code via a negative
content length (Content-Length) HTTP header.

See http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2162

Pkg-nagios-devel mailing list
Pkg-nagios-devel at lists.alioth.debian.org

----- End forwarded message -----

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-nagios-devel/attachments/20060510/0cced6b8/attachment.pgp

More information about the Pkg-nagios-devel mailing list