
Bug 196308

Summary: net-analyzer/nagios-plugins < 1.4.10-r1 check_snmp buffer overflow (CVE-2007-5623)
Product: Gentoo Security Reporter: Tobias Scherbaum (RETIRED) <dertobi123>
Component: Vulnerabilities Assignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: major CC: dertobi123, netmon
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://secunia.com/advisories/27419/
Whiteboard: B1 [glsa]
Package list:
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 194178    

Description Tobias Scherbaum (RETIRED) gentoo-dev 2007-10-18 17:35:21 UTC
The included check_snmp plugin is vulnerable to a buffer overflow. A patch is available upstream, but this issue isn't confirmed (yet).
Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-10-23 18:54:58 UTC
netmon please advise and patch as necessary.
Comment 2 Tobias Scherbaum (RETIRED) gentoo-dev 2007-10-23 19:34:31 UTC
(In reply to comment #0)
> a patch is available upstream but this issue isn't confirmed (yet).
> 

no news yet
Comment 3 Tobias Scherbaum (RETIRED) gentoo-dev 2007-10-29 19:55:03 UTC
I included the patch posted to the upstream bug report to 1.4.10-r1 (plus another fix for #194178).
Comment 4 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-10-29 21:40:44 UTC
Thanks Tobias.
Arches, please test and mark stable net-analyzer/nagios-plugins-1.4.10-r1
Target keywords: "~alpha amd64 ~ppc ppc64 sparc x86"
Comment 5 Christian Faulhammer (RETIRED) gentoo-dev 2007-10-30 09:22:20 UTC
x86 stable
Comment 6 Markus Rothe (RETIRED) gentoo-dev 2007-10-30 19:03:59 UTC
ppc64 stable
Comment 7 Raúl Porcel (RETIRED) gentoo-dev 2007-11-05 14:17:55 UTC
sparc stable
Comment 8 Chris Gianelloni (RETIRED) gentoo-dev 2007-11-08 00:49:54 UTC
stable on amd64
Comment 9 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-11-08 19:32:51 UTC
GLSA 200711-11.