1.4.1 - 05/15/2006
* Bug fix for HTTP content_length header integer overflow in CGIs

SA-20123:

Description:
A vulnerability has been reported in Nagios, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.

The vulnerability is caused due to an integer overflow error within the handling of the "Content-Length" HTTP header. This can be exploited to cause a buffer overflow and may allow arbitrary code execution via a HTTP request with specially crafted value in the "Content-Length" HTTP header.

The vulnerability has been reported in the 1.x and 2.x code branches.

Solution:
Update to the fixed versions.
http://www.nagios.org/download/

Nagios 1.x: Update to version 1.4.1.
Nagios 2.x: Update to version 2.3.1.
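As an added illustration of the bug class the advisory describes (this is not code from Nagios or from this report), the following C sketch shows a defensive way to turn a Content-Length value into an allocation size. The function names and the MAX_BODY_LEN limit are assumptions chosen for the example.

```c
#include <errno.h>
#include <stddef.h>
#include <stdlib.h>

/* Assumed policy limit for a CGI request body; not a value from Nagios. */
#define MAX_BODY_LEN 65536L

/* Parse a Content-Length value defensively (hypothetical helper).
 * Returns 0 and stores the length on success, -1 on any rejected input.
 * The risky pattern this replaces is converting the header with atoi()
 * into a signed int and passing "len + 1" to malloc() unchecked. */
int parse_content_length(const char *value, size_t *out_len)
{
    char *end = NULL;
    long n;

    /* Reject missing, empty, signed ("-1", "+5") or space-padded values. */
    if (value == NULL || *value < '0' || *value > '9')
        return -1;

    errno = 0;
    n = strtol(value, &end, 10);
    if (errno == ERANGE)
        return -1;              /* does not fit in a long */
    if (*end != '\0')
        return -1;              /* trailing junk such as "12abc" */
    if (n > MAX_BODY_LEN)
        return -1;              /* larger than the policy limit */

    *out_len = (size_t)n;
    return 0;
}

/* Allocate a zeroed buffer for the body plus a terminating NUL
 * (hypothetical helper). Because the length is capped above,
 * "len + 1" cannot wrap around to a tiny allocation. */
char *alloc_body(const char *content_length, size_t *out_len)
{
    if (parse_content_length(content_length, out_len) != 0)
        return NULL;
    return calloc(*out_len + 1, 1);
}
```

The caller should then read at most the validated length from the request, never the raw header value.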
Advisory is out today. Trying to break the record of the fastest GLSA :) Thanks to Ramereth who has already committed nagios-1.4.1
I also committed 2.3.1 but both are set as ~arch to ensure no breakage. I didn't get a chance to test it on a working nagios config yet, so I'd like to wait till either someone tests that or we give it a day or so. I don't like breaking people's monitoring system :).
Stable on x86 (2 separate systems)... =]
sparc stable.
nagios 1.4.1 stable on ppc64
This one is ready for GLSA. This looks like an errata to GLSA 200605-07. http://nagios.cvs.sourceforge.net/nagios/nagios/cgi/getcgi.c?view=log
yeah, if it was incompletely fixed the first time, we should have an errata here
GLSA 200605-07:02
TTL : 8h25m thanks to Jaervosz, ramereth and arches :)