Bug#366683: [sf@sfritsch.de: [Pkg-nagios-devel] Bug#366683:
CVE-2006-2162: Buffer overflow in nagios]
sean finney
seanius at debian.org
Wed May 10 15:28:11 UTC 2006
hi ethan,
any care to comment on this? i'm really swamped right now and just
spent all of last weekend fixing 4 CVE's for mysql, so i would really
appreciate it if you (or someone else on the list) could forward
my the relevant patch from the 1.x branch if/when it exists so we
can prepare an update for the debian sarge and woody packages.
sean
----- Forwarded message from Stefan Fritsch <sf at sfritsch.de> -----
Date: Wed, 10 May 2006 13:23:59 +0200 (CEST)
From: Stefan Fritsch <sf at sfritsch.de>
To: submit at bugs.debian.org
Subject: [Pkg-nagios-devel] Bug#366683: CVE-2006-2162: Buffer overflow in
nagios
Package: nagios2
Severity: grave
Justification: user security hole
Tags: security
CVE-2006-2162:
Buffer overflow in CGI scripts in Nagios 1.x before 1.4 and 2.x before
2.3 allows remote attackers to execute arbitrary code via a negative
content length (Content-Length) HTTP header.
See http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2162
_______________________________________________
Pkg-nagios-devel mailing list
Pkg-nagios-devel at lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/pkg-nagios-devel
----- End forwarded message -----
--
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-nagios-devel/attachments/20060510/0cced6b8/attachment.pgp
More information about the Pkg-nagios-devel
mailing list