[Pkg-nagios-devel] Bug#366683: CVE-2006-2162: Buffer overflow in nagios
Martin Schulze
joey at infodrom.org
Fri May 12 04:24:21 UTC 2006
Hi Sean!
Sean Finney wrote:
> On Thu, May 11, 2006 at 05:46:16PM +0200, Martin Schulze wrote:
> > > - crafting a simple "user-agent" that can illustrate the vulnerability
> > > by sending a negative or 0 value for content length to a nagios cgi
> > > (it doesn't have to actually inject any shell code or anything, just
> > > PoC would be fine by me).
> >
> > Why user-agent? "All" you need to do is add some variables, so that
>
> as a general rule i feel much more comfortable having some kind of PoC
> code available that will tell me that my patch works. granted, in this
> case it's a rather straightforward patch, but still...
>
> > the Content-Length is either exactly INT_MAX or even larger, both
> > cause an integer overrun, which causes a negative malloc(), which causes
> > a situation in which the attacker may control some memory they shouldn't.
>
> ah yes.. good point about INT_MAX. i'll forward this upstream as well,
> since i don't think ethan considered this.
Thanks.
Please let me know the version in sid that will have this problem
fixed once you know it.
Regards,
Joey
--
It's time to close the windows.
Please always Cc to me when replying to me on the lists.
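
The Content-Length cases raised in this thread (zero, negative, exactly INT_MAX, and larger) can all be rejected before the value ever reaches malloc(). The following C sketch is an added example, not code from Nagios, the Debian patch, or either poster; the function name parse_content_length and the MAX_BODY_BYTES cap are assumptions chosen for illustration.

```c
#include <errno.h>
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical cap on an accepted request body; not a value from Nagios. */
#define MAX_BODY_BYTES (64 * 1024)

/*
 * Validate a CONTENT_LENGTH string before it is used as an allocation size.
 * Returns 0 and stores the length in *out on success, -1 on rejection.
 */
int parse_content_length(const char *s, size_t *out)
{
    char *end = NULL;
    long v;

    if (s == NULL || *s == '\0')
        return -1;                  /* header missing or empty */

    errno = 0;
    v = strtol(s, &end, 10);
    if (errno == ERANGE)
        return -1;                  /* value does not fit in a long */
    if (end == s || *end != '\0')
        return -1;                  /* not a plain decimal number */
    if (v <= 0)
        return -1;                  /* zero or negative length */
    if (v >= INT_MAX || v > MAX_BODY_BYTES)
        return -1;                  /* length + 1 would overflow int, or body too large */

    *out = (size_t)v;
    return 0;
}

int main(void)
{
    /* Constructed sample header values covering the cases from the thread. */
    const char *samples[] = { "128", "0", "-1", "2147483647", "2147483648", "12abc", "" };
    size_t i, len;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (parse_content_length(samples[i], &len) == 0)
            printf("%-12s accepted, allocate %zu bytes\n", samples[i], len + 1);
        else
            printf("%-12s rejected\n", samples[i]);
    }
    return 0;
}
```

The same sample values can serve as regression inputs when checking that a patched CGI refuses the request instead of allocating.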