[Pkg-nagios-devel] Bug#368193: nagios: CVE-2006-2489: remote DoS and possible code execution
Alec Berryman
alec at thened.net
Sat May 20 12:21:11 UTC 2006
Package: nagios
Severity: grave
Tags: security
CVE-2006-2489: "Integer overflow in CGI scripts in Nagios 1.x before
1.4.1 and 2.x before 2.3.1 allows remote attackers to cause a denial of
service (crash) and possibly execute arbitrary code via a content length
(Content-Length) HTTP header. NOTE: this is a different vulnerability
than CVE-2006-2162."
I understand that Sean is credited with the discovery and fix; I'm
filing this bug to keep track of the issue. I believe this affects the
Nagios package in sarge as well.
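As an added example (not code from Nagios or from this bug report), here is one way a C CGI program can validate the Content-Length value named in the CVE text before sizing a buffer from it. The function names, the 1 MiB cap and the sample header values are assumptions made for illustration.

```c
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_BODY ((size_t)1 << 20) /* assumed 1 MiB cap on POST bodies */

/* Parse a CONTENT_LENGTH value. Returns 0 and stores the length on success,
 * -1 if it is missing, non-numeric, negative, out of range or above cap. */
int parse_content_length(const char *s, size_t cap, size_t *out)
{
    char *end;
    unsigned long long v;
    if (s == NULL || !isdigit((unsigned char)s[0]))
        return -1;               /* rejects "", "-1", "+5", " 5" */
    errno = 0;
    v = strtoull(s, &end, 10);
    if (errno == ERANGE || *end != '\0')
        return -1;               /* value overflowed, or trailing junk */
    if (cap >= SIZE_MAX || v > cap)
        return -1;               /* keeps len + 1 below SIZE_MAX */
    *out = (size_t)v;
    return 0;
}

/* Allocate a NUL-terminated body buffer; NULL means reject the request. */
char *alloc_body(const char *content_length, size_t *len)
{
    char *buf;
    if (parse_content_length(content_length, MAX_BODY, len) != 0)
        return NULL;
    buf = malloc(*len + 1);      /* cannot wrap: *len <= MAX_BODY */
    if (buf != NULL)
        buf[*len] = '\0';
    return buf;
}

int main(void)
{
    const char *samples[] = { "128", "-1", "2147483647", "4294967295",
                              "18446744073709551616", "12abc", "" }; /* constructed */
    size_t i, len;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        char *b = alloc_body(samples[i], &len);
        printf("%-22s -> %s\n", samples[i], b ? "accepted" : "rejected");
        free(b);
    }
    return 0;
}
```

Parsing into an unsigned type with an explicit upper bound means the later `len + 1` used for the allocation can neither be negative nor wrap around.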