Nagios Exploit

Mike Guthrie mguthrie at nagios.com
Fri Jan 11 20:29:14 CET 2013

Previous message: Nagios Exploit
Next message: Nagios Exploit
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Fixed in the Nagios 3.4.4 release candidate, as well as in the Core 4 
trunk. Announced last week:

> All,
>
> I have uploaded a release candidate tarball for Nagios Core 3.4.4 to
> SourceForge. If you are so inclined, please download a copy from
> https://sourceforge.net/projects/nagios/files/nagios-3.x/nagios-3.4.4/  
> and give it a test run. Any feedback would be appreciated. I plan to
> create the release mid-week next week.
>
> The change log is as follows:
>
> * Fixed bug #408: service checks get duplicated on reload (Eric Stanley)
> * Fixed bug #401: segmentation fault on Solaris when parsing unknown
> timeperiod directives. (Eric Stanley)
> * Added NULL pointer checks to CGI code. (Eric Stanley)
> * Fixed buffer overflow vulnerability in CGI code. Thanks to Neohapsis
> (http://archives.neohapsis.com/archives/fulldisclosure/2012-12/0108.html) for
> finding this. (Eric Stanley)
>
> Thanks,
>
> Eric





On 1/11/2013 11:58 AM, Leonardo - Mandic wrote:
> Hello,
>
> Anybody have more informations about this exploit of Nagios?
>
> http://pastebin.com/FJUNyTaj
>
> Leonardo
>
>
> ------------------------------------------------------------------------------
> Master HTML5, CSS3, ASP.NET, MVC, AJAX, Knockout.js, Web API and
> much more. Get web development skills now with LearnDevNow -
> 350+ hours of step-by-step video tutorials by Microsoft MVPs and experts.
> SALE $99.99 this month only -- learn more at:
> http://p.sf.net/sfu/learnmore_122812
>
>
> _______________________________________________
> Nagios-users mailing list
> Nagios-users at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagios-users
> ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
> ::: Messages without supporting info will risk being sent to /dev/null


-- 


Mike Guthrie
Technical Team
___
Nagios Enterprises, LLC
Email:  mguthrie at nagios.com
Web:    www.nagios.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.monitoring-lists.org/archive/users/attachments/20130111/cc05de88/attachment.html>
-------------- next part --------------
------------------------------------------------------------------------------
Master HTML5, CSS3, ASP.NET, MVC, AJAX, Knockout.js, Web API and
much more. Get web development skills now with LearnDevNow -
350+ hours of step-by-step video tutorials by Microsoft MVPs and experts.
SALE $99.99 this month only -- learn more at:
http://p.sf.net/sfu/learnmore_122812
-------------- next part --------------
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null

Previous message: Nagios Exploit
Next message: Nagios Exploit
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Users mailing list