[Pkg-nagios-devel] Bug#685455: nsca: Potential buffer overflow in send_nsca

Xiwen Cheng xiwen.cheng at mendix.com
Mon Aug 20 21:56:12 UTC 2012

Package: nsca
Version: 2.9.1-2
Severity: important

Dear Maintainer,

While looking through the source of send_nsca.c I noticed there is a
major bug in the loop that reads in data from stdin. An attacker could
cause a buffer overflow in send_nsca by sending a payload larger than
5120 bytes with no occurrences of 0x17.

The patch included simply records the event and prevents the buffer
overflow from occurring by truncating the payload.

Best regards,

From 06cd6b58b2d1488fbf64cd5f15f20df57e39a852 Mon Sep 17 00:00:00 2001
From: Xiwen Cheng <xiwen.cheng at mendix.com>
Date: Mon, 20 Aug 2012 23:05:06 +0200
Subject: [PATCH] Fix potential buffer overflow

 src/send_nsca.c |    4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/send_nsca.c b/src/send_nsca.c
index d44e7c1..07c5196 100644
--- a/src/send_nsca.c
+++ b/src/send_nsca.c
@@ -204,7 +204,11 @@ int main(int argc, char **argv){
 			input_buffer[pos] = c;
 			c = getc(stdin);
+			if(pos>=MAX_INPUT_BUFFER-1){
+				printf("Warning: packet[%d] truncated to %d bytes.\n",total_packets, MAX_INPUT_BUFFER);
+				break;
+		}
 		input_buffer[pos] = 0;
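
Review bot: the added `break` on `pos>=MAX_INPUT_BUFFER-1` stops the copy but leaves the rest of the oversized input unread on stdin, so any later read of stdin would start in the middle of the truncated payload; consume input up to the next separator or EOF before leaving the loop. The check also sits after the store `input_buffer[pos] = c;`, so it is only sufficient if `pos` can never exceed `MAX_INPUT_BUFFER-1` on entry, and testing the bound before the store would make that explicit. Smaller points: the warning reports `MAX_INPUT_BUFFER` bytes although the terminating `input_buffer[pos] = 0;` leaves room for one byte fewer, it is written to stdout with `printf` rather than to stderr, and the closing `}` of the new `if` is indented one level short.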

-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages nsca depends on:
ii  confget                1.03-1
ii  debconf [debconf-2.0]  1.5.44
ii  libc6                  2.13-33
ii  libmcrypt4             2.5.8-3.1
ii  nsca-client            2.9.1-2

nsca recommends no packages.

Versions of packages nsca suggests:
ii  nagios-plugins-basic  1.4.16-1
pn  nagios3               <none>

-- debconf information excluded
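
A bounded record reader of the kind the report calls for, as an added example (not code from send_nsca or from the patch above). It assumes a 5120-byte buffer and that 0x17 ends a record; read_record, demo, RECORD_CAP and RECORD_END are hypothetical names, and the input is constructed.

```c
#include <stdio.h>
#include <string.h>

#define RECORD_CAP 5120  /* assumed: the 5120-byte figure from the report */
#define RECORD_END 0x17  /* assumed: the byte the report names ends a record */

/* Read one record into buf (cap >= 1), always NUL-terminated. At most cap-1
 * bytes are stored; the excess up to the next RECORD_END or EOF is consumed
 * and counted in *dropped, so it cannot be parsed as a separate record.
 * Returns bytes stored, or -1 if EOF was hit before any byte was read. */
long read_record(FILE *in, char *buf, size_t cap, size_t *dropped)
{
    size_t pos = 0;
    int c, seen = 0;
    *dropped = 0;
    while ((c = getc(in)) != EOF) {
        seen = 1;
        if (c == RECORD_END) break;
        if (pos < cap - 1)
            buf[pos++] = (char)c;   /* bound is checked before the store */
        else
            (*dropped)++;           /* drain, never write past the end */
    }
    buf[pos] = '\0';
    return seen ? (long)pos : -1;
}

/* Constructed input: 6000 bytes with no 0x17, then 0x17, then "ok". */
long demo(size_t *dropped, char *second, size_t second_cap)
{
    char first[RECORD_CAP];
    size_t ignored;
    FILE *f = tmpfile();
    if (!f) return -2;
    for (int i = 0; i < 6000; i++) putc('A', f);
    putc(RECORD_END, f);
    fputs("ok", f);
    rewind(f);
    long n = read_record(f, first, sizeof first, dropped);
    read_record(f, second, second_cap, &ignored);
    fclose(f);
    return n;
}

int main(void)
{
    size_t dropped = 0; char second[8] = "";
    long n = demo(&dropped, second, sizeof second);
    printf("stored=%ld dropped=%zu next=%s\n", n, dropped, second);
    return 0;
}
```

Because the overflow is drained rather than left on the stream, the record after the oversized one is still read intact.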
