[sf at sfritsch.de: [Pkg-nagios-devel] Bug#366683: CVE-2006-2162: Buffer overflow in nagios]

sean finney seanius at seanius.net
Wed May 10 17:31:29 CEST 2006


hi ethan,

any care to comment on this?  i'm really swamped right now and just
spent all of last weekend fixing 4 CVEs for mysql, so i would really
appreciate it if you (or someone else on the list) could forward
me the relevant patch from the 1.x branch if/when it exists so we
can prepare an update for the debian sarge and woody packages.

	sean

----- Forwarded message from Stefan Fritsch <sf at sfritsch.de> -----

Date: Wed, 10 May 2006 13:23:59 +0200 (CEST)
From: Stefan Fritsch <sf at sfritsch.de>
To: submit at bugs.debian.org
Subject: [Pkg-nagios-devel] Bug#366683: CVE-2006-2162: Buffer overflow in
	nagios

Package: nagios2
Severity: grave
Justification: user security hole
Tags: security

CVE-2006-2162:
Buffer overflow in CGI scripts in Nagios 1.x before 1.4 and 2.x before
2.3 allows remote attackers to execute arbitrary code via a negative
content length (Content-Length) HTTP header.

See http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2162





----- End forwarded message -----
