[Pkg-nagios-devel] Bug#366682: CVE-2006-2162: Buffer overflow in
nagios
Sean Finney
seanius at debian.org
Fri May 12 15:00:53 UTC 2006
On Fri, May 12, 2006 at 06:24:21AM +0200, Martin Schulze wrote:
> Please let me know the version in sid that will have this problem
> fixed once you know it.
for nagios 1.x: 1.4-1 (or 2:1.4-1, since there's an epoch i guess)
for nagios 2.x: 2.3-1
both are recently uploaded.
i've made a diff.gz of the sarge version available at:
http://people.debian.org/~seanius/nagios/nagios_1.3-cvs.20050402-2.sarge.2.diff.gz
though there's no difference wrt your patch other than cosmetics and
different dpatch names. also, there is a
http://people.debian.org/~seanius/nagios/CVE-2006-2162.sh
which is a quick PoC i threw together to test the cgi's from the
cmdline.
sean
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-nagios-devel/attachments/20060512/7e21fe12/attachment-0002.pgp
More information about the Pkg-nagios-devel
mailing list