Nagios Plugins overlong Location header remote buffer overflow vulnerability
  Add date: 10/27/2008   Publishing date: 10/27/2008
Affected systems:

Nagios Nagios 1.4.9

Unaffected systems:

Nagios Nagios 1.4.10

Description:

--------------------------------------------------------------------------------

BUGTRAQ ID: 25952

CVE(CAN) ID: CVE-2007-5198

Nagios is free, open-source host and service monitoring software that runs on many Linux and Unix operating systems.

Nagios has a buffer overflow vulnerability when processing malformed request data; a remote attacker may be able to use this vulnerability to take control of the server.

The redir() function in Nagios's check_http.c does not correctly handle the HTTP Location: header. If the server being checked returns an overlong string in the Location: header to a vulnerable system, a buffer overflow may be triggered, leading to execution of arbitrary instructions.
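A bounded Location: header extractor, as an added example (not code from check_http.c or the Nagios project) of the length check whose absence the paragraph above describes. LOC_MAX, get_location() and try_length() are hypothetical names, and the sample HTTP response is constructed.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>
#define LOC_MAX 256 /* assumed redirect-target limit for this example */
enum loc_status { LOC_OK = 0, LOC_ABSENT = -1, LOC_TOO_LONG = -2 };
char loc_buf[LOC_MAX]; /* fixed-size destination buffer */

/* Copy the first Location: value from a header block into out (capacity
 * outlen, NUL included). Overlong values are rejected, not copied. */
enum loc_status get_location(const char *hdrs, char *out, size_t outlen)
{
    if (outlen == 0) return LOC_TOO_LONG;
    out[0] = '\0';
    for (const char *line = hdrs; *line != '\0'; ) {
        size_t len = strcspn(line, "\r\n");
        if (len == 0) break; /* blank line: headers end, body is not parsed */
        if (len >= 9 && strncasecmp(line, "Location:", 9) == 0) {
            const char *val = line + 9;
            size_t vlen = len - 9;
            while (vlen > 0 && (*val == ' ' || *val == '\t')) { val++; vlen--; }
            if (vlen >= outlen) return LOC_TOO_LONG; /* the length check */
            memcpy(out, val, vlen);
            out[vlen] = '\0';
            return LOC_OK;
        }
        line += len; /* step over exactly one line terminator */
        if (*line == '\r') line++;
        if (*line == '\n') line++;
    }
    return LOC_ABSENT;
}

/* Constructed input: a 302 response whose Location value is n bytes of 'A'. */
enum loc_status try_length(size_t n)
{
    static char resp[8192];
    int off = snprintf(resp, sizeof resp,
                       "HTTP/1.1 302 Found\r\nServer: x\r\nLocation: ");
    if (n > 4096) n = 4096; /* keep the constructed response inside resp */
    memset(resp + off, 'A', n);
    memcpy(resp + off + n, "\r\n\r\n", 5);
    return get_location(resp, loc_buf, sizeof loc_buf);
}

int main(void)
{
    printf("%d %d %d\n", try_length(20), try_length(LOC_MAX - 1), try_length(4096));
    return 0;
}
```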

<* Source: Nobuhiro Ban

Link: http://sourceforge.net/tracker/index.php?func=detail&aid=1687867&group_id=29880&atid=397597

http://secunia.com/advisories/27124/

http://security.gentoo.org/glsa/glsa-200711-11.xml

*>

Recommendation:

--------------------------------------------------------------------------------

Workaround:

* Do not use the -f follow option when checking web servers that cannot be trusted.

Vendor patch:

Nagios

------

The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page:

http://www.nagios.org/

Gentoo

------

Gentoo has issued a security advisory (GLSA-200711-11) and a corresponding patch for this issue:

GLSA-200711-11: Nagios Plugins: Two buffer overflows

Link: http://security.gentoo.org/glsa/glsa-200711-11.xml

All Nagios Plugins users should upgrade to the latest version:

# emerge --sync
# emerge -av --oneshot ">=net-analyzer/nagios-plugins-1.4.10-r1"