[Pkg-nagios-devel] Bug#366682: CVE-2006-2162: Buffer overflow in nagios

sean finney seanius at debian.org
Thu May 11 08:35:26 UTC 2006

hey security team and nagios team,

as reported to us in the bts, the debian nagios packages are vulnerable
to arbitrary code execution via not properly checking the Content-Length
header from client requests.

here are the affected versions afaict:


nagios-mysql 2:1.3-cvs.20050402-2.sarge.1
nagios-text 2:1.3-cvs.20050402-2.sarge.1
nagios-pgsql 2:1.3-cvs.20050402-2.sarge.1


nagios-mysql 2:1.3-cvs.20050402-13
nagios-text 2:1.3-cvs.20050402-13
nagios-pgsql 2:1.3-cvs.20050402-13
nagios2 2.2-1

in unstable both the 1.x and 2.x trees have had updates from upstream.
i've just finished putting the changes into svn, but i haven't prepared
an upload yet because i haven't been able to find/craft an exploit
just yet, and i'm in one of those "low on time" modes where it's
possible i may have messed something up.

so, i could use help with the following two things:

- crafting a simple "user-agent" that can illustrate the vulnerability
  by sending a negative or 0 value for content length to a nagios cgi
  (it doesn't have to actually inject any shell code or anything, just
  PoC would be fine by me).
- verifying that the latest branches in svn are fixed.

if anyone could assist me with either of these, it'd be much


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-nagios-devel/attachments/20060511/1d578938/attachment-0002.pgp

More information about the Pkg-nagios-devel mailing list