[Pkg-nagios-devel] Bug#366682: CVE-2006-2162: Buffer overflow in nagios
sean finney
seanius at debian.org
Thu May 11 23:17:23 UTC 2006
On Thu, May 11, 2006 at 11:46:21PM +0200, Stefan Fritsch wrote:
> severity 366682 important
> severity 366683 important
> thanks
>
> Hi,
>
> the Ubuntu guys already found out that Apache 2 doesn't accept
> requests with negative content length and I just checked that Apache
> 1.3 doesn't either. I guess this makes this a quite low impact
> vulnerability.

what if:

On Thu, May 11, 2006 at 05:46:16PM +0200, Martin Schulze wrote:
> Please note that upstream doesn't check for content length == INT_MAX

i don't have a nagios install online right now (can tomorrow morning)
so i can't run the PoC mentioned in the BTS (thanks stefan), i'd
be interested to see how it handles 2147483647 (or your arch's
equivalent of INT_MAX). if the code actually increments the size
by one AFTER receiving the data... then we should probably readjust
the severities.

and by the way, i'm a bit annoyed that ubuntu managed to send off a
USN on this 4 days ago, and not even bother to think "hey, maybe
we should mention this to the debian guys".

sean
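
Added example, not part of the original message and not code from Nagios: a sketch of the Content-Length validation this thread is concerned with, rejecting negative values and any value large enough that adding one byte for a terminator could wrap. The function names, status codes and the `MAX_BODY` cap are assumptions chosen for illustration, as is the premise that the consumer is a CGI reading `CONTENT_LENGTH` from its environment.

```c
#include <ctype.h>
#include <errno.h>
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical cap on a CGI POST body; not a value taken from Nagios. */
#define MAX_BODY (64 * 1024)

enum cl_status { CL_OK = 0, CL_MISSING, CL_MALFORMED, CL_NEGATIVE, CL_TOO_LARGE };

/*
 * Validate a CONTENT_LENGTH string before it is used as an allocation size.
 * On CL_OK, *alloc_size is the body length plus one byte for a NUL
 * terminator, and is guaranteed not to have wrapped.
 */
enum cl_status check_content_length(const char *value, size_t *alloc_size)
{
    char *end;
    long long n;

    if (value == NULL || *value == '\0')
        return CL_MISSING;
    if (*value == '-')
        return CL_NEGATIVE;      /* do not rely on the web server to filter this */
    if (!isdigit((unsigned char)*value))
        return CL_MALFORMED;     /* no '+', leading whitespace or other prefix */

    errno = 0;
    n = strtoll(value, &end, 10);
    if (*end != '\0')
        return CL_MALFORMED;     /* trailing junk such as "12abc" */
    if (errno == ERANGE || n > MAX_BODY)
        return CL_TOO_LARGE;     /* includes INT_MAX, where an int n + 1 would wrap */

    *alloc_size = (size_t)n + 1; /* safe: n is at most MAX_BODY */
    return CL_OK;
}

/* Read the header the way a CGI would, from the environment. */
enum cl_status check_request_length(size_t *alloc_size)
{
    return check_content_length(getenv("CONTENT_LENGTH"), alloc_size);
}
```
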