rss-bot
October 22nd, 2007, 04:40 PM
Referenced CVEs:
CVE-2007-5198
Description:
===========================================================
Ubuntu Security Notice USN-532-1           October 22, 2007
nagios-plugins vulnerability
CVE-2007-5198
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS:
  nagios-plugins 1.4.2-5ubuntu3.1
  nagios-plugins-basic 1.4.2-5ubuntu3.1
  nagios-plugins-standard 1.4.2-5ubuntu3.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Nobuhiro Ban discovered that check_http in nagios-plugins did not properly sanitize its input when following redirection requests. A malicious remote web server could cause a denial of service or possibly execute arbitrary code as the user. (CVE-2007-5198)

Aravind Gottipati discovered that sslutils.c in nagios-plugins did not properly reset pointers to NULL. A malicious remote web server could cause a denial of service.

Aravind Gottipati discovered that check_http in nagios-plugins did not properly calculate how much memory to reallocate when following redirection requests. A malicious remote web server could cause a denial of service.
More... (http://www.ubuntu.com/usn/usn-532-1)