[seanius at debian.org: Re: CVE-2006-2162: Buffer overflow in nagios]

Ethan Galstad nagios at nagios.org
Mon May 15 18:54:58 CEST 2006


sean finney wrote:
> hey ethan,
> 
> On Fri, May 12, 2006 at 05:22:44PM -0500, Ethan Galstad wrote:
>> Good point.  How does the attached patch look for fixing this?  I may 
>> have to release the patch standalone for a few days, as the SourceForge 
>> CVS servers are currently offline (!).
> 
> fun...
> 
> i believe the patch you give should prevent the problem from occurring.
> 
> in debian, the patch we're using prints an error and returns error
> instead, which i think is slightly more optimal as i'm not sure what
> happens when the cgi script expects a content length different from what
> it's actually going to get.  i'll attach what we're using for
> reference.
> 
> the first patch (16_foo) is against 1.x and the second (10_foo) is
> against 2.x
> 
> 
> 	sean

Thanks Sean - I think your patches are better, since they cause the CGIs 
to exit, so I'll apply them and release new versions of Nagios later 
today.  Thanks again to you and the other Debian folks!


Ethan Galstad,
Nagios Developer
---
Email: nagios at nagios.org
Website: http://www.nagios.org
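The reject-and-exit approach Sean describes above, as an added C example written here for illustration and not either of the actual patches from the thread; the buffer size and function names are assumptions:

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed size of the fixed buffer a CGI reads its POST body into. */
#define MAX_INPUT_BUFFER 1024

/* Validate the CONTENT_LENGTH string the web server hands a CGI.
 * Returns the length when it is a clean, non-negative decimal that fits
 * in max_len bytes; returns -1 when it is missing, non-numeric, negative,
 * or too large.  The caller should then print an error and exit rather
 * than clamp the value and read less than the server promised. */
long parse_content_length(const char *s, size_t max_len)
{
    char *end;
    long v;

    if (s == NULL || *s == '\0')
        return -1;                          /* no length supplied */
    errno = 0;
    v = strtol(s, &end, 10);
    if (errno != 0 || end == s || *end != '\0')
        return -1;                          /* not a clean integer, or overflowed long */
    if (v < 0)
        return -1;                          /* negative length would defeat a size check */
    if ((unsigned long)v > max_len)
        return -1;                          /* does not fit the destination buffer */
    return v;
}

/* Read the POST body into buf only after the length has been validated.
 * Returns the number of bytes read, or -1 after printing an error. */
int read_post_body(FILE *in, char *buf, size_t buflen)
{
    long len = parse_content_length(getenv("CONTENT_LENGTH"), buflen - 1);
    size_t got;

    if (len < 0) {
        fprintf(stderr, "Error: invalid or oversized CONTENT_LENGTH\n");
        return -1;
    }
    got = fread(buf, 1, (size_t)len, in);
    buf[got] = '\0';                        /* room reserved via buflen - 1 */
    return (int)got;
}
```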

