[Full-disclosure] [USN-532-1] nagios-plugins vulnerability



===========================================================
Ubuntu Security Notice USN-532-1 October 22, 2007
nagios-plugins vulnerability
CVE-2007-5198
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
nagios-plugins 1.4.2-5ubuntu3.1
nagios-plugins-basic 1.4.2-5ubuntu3.1
nagios-plugins-standard 1.4.2-5ubuntu3.1

In general, a standard system upgrade is sufficient to affect the
necessary changes.

Details follow:

Nobuhiro Ban discovered that check_http in nagios-plugins did
not properly sanitize its input when following redirection
requests. A malicious remote web server could cause a denial
of service or possibly execute arbitrary code as the user.
(CVE-2007-5198)

Aravind Gottipati discovered that sslutils.c in nagios-plugins
did not properly reset pointers to NULL. A malicious remote web
server could cause a denial of service.

Aravind Gottipati discovered that check_http in nagios-plugins
did not properly calculate how much memory to reallocate when
following redirection requests. A malicious remote web server
could cause a denial of service.


Updated packages for Ubuntu 6.06 LTS:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/n/nagios-plugins/nagios-plugins_1.4.2-5ubuntu3.1.diff.gz
Size/MD5: 40038 2ce232319f1412bd31218e4f80f379aa
http://security.ubuntu.com/ubuntu/pool/main/n/nagios-plugins/nagios-plugins_1.4.2-5ubuntu3.1.dsc
Size/MD5: 1054 a0c28730ba822bef978cf7428447320a
http://security.ubuntu.com/ubuntu/pool/main/n/nagios-plugins/nagios-plugins_1.4.2.orig.tar.gz
Size/MD5: 973712 5ac95978cc49c35132a5a2ea1c985c20

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/n/nagios-plugins/nagios-plugins-basic_1.4.2-5ubuntu3.1_amd64.deb
Size/MD5: 265222 1ebcbca55e85bee9e0579a98227aa5ac
http://security.ubuntu.com/ubuntu/pool/main/n/nagios-plugins/nagios-plugins-standard_1.4.2-5ubuntu3.1_amd64.deb
Size/MD5: 159170 62cb762bf4b953aab1cbe8a2ce5ddf33
http://security.ubuntu.com/ubuntu/pool/main/n/nagios-plugins/nagios-plugins_1.4.2-5ubuntu3.1_amd64.deb
Size/MD5: 64236 c67353629a02a09f5bc863dfc76311b6

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/n/nagios-plugins/nagios-plugins-basic_1.4.2-5ubuntu3.1_i386.deb
Size/MD5: 226406 1edb66f9f3d896f32604261ca5fc6de7
http://security.ubuntu.com/ubuntu/pool/main/n/nagios-plugins/nagios-plugins-standard_1.4.2-5ubuntu3.1_i386.deb
Size/MD5: 142844 665cc990cfc20064cd5df981e2836db7
http://security.ubuntu.com/ubuntu/pool/main/n/nagios-plugins/nagios-plugins_1.4.2-5ubuntu3.1_i386.deb
Size/MD5: 64224 23d300cb4585debe59cc7652ee8b0732

powerpc architecture (Apple Macintosh G3/G4/G5):

http://security.ubuntu.com/ubuntu/pool/main/n/nagios-plugins/nagios-plugins-basic_1.4.2-5ubuntu3.1_powerpc.deb
Size/MD5: 245756 78ec9be9d3b0e6d5c2d1821d93652cc1
http://security.ubuntu.com/ubuntu/pool/main/n/nagios-plugins/nagios-plugins-standard_1.4.2-5ubuntu3.1_powerpc.deb
Size/MD5: 159026 f2617d51e4cfd9ee1e44c27c609eb3d3
http://security.ubuntu.com/ubuntu/pool/main/n/nagios-plugins/nagios-plugins_1.4.2-5ubuntu3.1_powerpc.deb
Size/MD5: 64234 abd123c2d7c19a789617a902e91857af

sparc architecture (Sun SPARC/UltraSPARC):

http://security.ubuntu.com/ubuntu/pool/main/n/nagios-plugins/nagios-plugins-basic_1.4.2-5ubuntu3.1_sparc.deb
Size/MD5: 234452 167d37e690c2e8553e0cc15eca80ef89
http://security.ubuntu.com/ubuntu/pool/main/n/nagios-plugins/nagios-plugins-standard_1.4.2-5ubuntu3.1_sparc.deb
Size/MD5: 144714 87eaaf687549fcb4f9de76c7a33accb9
http://security.ubuntu.com/ubuntu/pool/main/n/nagios-plugins/nagios-plugins_1.4.2-5ubuntu3.1_sparc.deb
Size/MD5: 64232 2f26e0b30e1e06ed8f5ecfdffb16a2e0

Attachment: signature.asc
Description: Digital signature

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Relevant Pages

  • [USN-1085-2] tiff regression
    ... A security issue affects the following Ubuntu releases: ... Ubuntu 6.06 LTS ... USN-1085-1 fixed vulnerabilities in the system TIFF library. ... i386 architecture: ...
    (Bugtraq)
  • [USN-1085-1] tiff vulnerabilities
    ... A security issue affects the following Ubuntu releases: ... Ubuntu 6.06 LTS ... Sauli Pahlman discovered that the TIFF library incorrectly handled invalid ... i386 architecture: ...
    (Bugtraq)
  • [Full-disclosure] [USN-1085-1] tiff vulnerabilities
    ... A security issue affects the following Ubuntu releases: ... Ubuntu 6.06 LTS ... Sauli Pahlman discovered that the TIFF library incorrectly handled invalid ... i386 architecture: ...
    (Full-Disclosure)
  • [Full-disclosure] [USN-1085-2] tiff regression
    ... A security issue affects the following Ubuntu releases: ... Ubuntu 6.06 LTS ... USN-1085-1 fixed vulnerabilities in the system TIFF library. ... i386 architecture: ...
    (Full-Disclosure)
  • [Full-disclosure] [USN-1017-1] MySQL vulnerabilities
    ... A security issue affects the following Ubuntu releases: ... Ubuntu 6.06 LTS ... causing a denial of service. ... amd64 architecture: ...
    (Full-Disclosure)