[Pkg-nagios-devel] Bug#366683: CVE-2006-2162: Buffer overflow in nagios

Martin Schulze joey at infodrom.org
Fri May 12 04:24:21 UTC 2006

Hi Sean!

Sean Finney wrote:
> On Thu, May 11, 2006 at 05:46:16PM +0200, Martin Schulze wrote:
> > > - crafting a simple "user-agent" that can illustrate the vulnerability
> > >   by sending a negative or 0 value for content length to a nagios cgi
> > >   (it doesn't have to actually inject any shell code or anything, just
> > >   PoC would be fine by me).
> > 
> > Why user-agent?  "All" you need to do is add some variables, so that
> as a general rule i feel much more comfortable having some kind of PoC
> code available that will tell me that my patch works.  granted, in this
> case it's a rather straightforward patch, but still...
> > the Content-Length is either exactly INT_MAX or even larger, both
> > cause an integer overrun, which cause a negative malloc() which cause
> > a situation in which the attacker may control some memory they shouldn't.
> ah yes.. good point about INT_MAX.  i'll forward this upstream as well,
> since i don't think ethan considered this.


Please let me know the version in sid that will have this problem
fixed once you know it.



It's time to close the windows.

Please always Cc to me when replying to me on the lists.

More information about the Pkg-nagios-devel mailing list