[Pkg-nagios-devel] Bug#792787: nagios3-cgi: Nagios web gui not show all services - buffer overflow

David Sulaiman sulaiman at itpe.cz
Sat Jul 18 14:33:21 UTC 2015 

Package: nagios3-cgi
Version: 3.5.1.dfsg-2+b1
Severity: important



-- System Information:
Debian Release: 8.1
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 3.16.0-4-686-pae (SMP w/2 CPU cores)
Locale: LANG=cs_CZ.UTF-8, LC_CTYPE=cs_CZ.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages nagios3-cgi depends on:
ii  adduser                3.113+nmu3
ii  apache2-utils          2.4.10-10
ii  coreutils              8.23-4
ii  debconf [debconf-2.0]  1.5.56
ii  libapache2-mod-php5    5.6.9+dfsg-0+deb8u1
ii  libc6                  2.19-18
ii  libgd3                 2.1.0-5
ii  libjpeg62-turbo        1:1.3.1-12
ii  libjs-jquery           1.7.2+dfsg-3.2
ii  libpng12-0             1.2.50-2+b2
ii  nagios3-common         3.5.1.dfsg-2
ii  php5                   5.6.9+dfsg-0+deb8u1
ii  ucf                    3.0030
ii  zlib1g                 1:1.2.8.dfsg-2+b1

Versions of packages nagios3-cgi recommends:
ii  apache2 [httpd]              2.4.10-10
ii  apache2-mpm-prefork [httpd]  2.4.10-10
ii  nagios-images                0.8

nagios3-cgi suggests no packages.

[Sat Jul 18 16:26:29.277140 2015] [cgi:error] [pid 10134] [client 192.168.20.21:59625] AH01215: *** buffer overflow detected ***: /usr/lib/cgi-bin/nagios3/status.cgi terminated
[Sat Jul 18 16:26:29.277214 2015] [cgi:error] [pid 10134] [client 192.168.20.21:59625] AH01215: ======= Backtrace: =========
[Sat Jul 18 16:26:29.277275 2015] [cgi:error] [pid 10134] [client 192.168.20.21:59625] AH01215: /lib/i386-linux-gnu/i686/cmov/libc.so.6(+0x6c6f3)[0xb75876f3]
[Sat Jul 18 16:26:29.277342 2015] [cgi:error] [pid 10134] [client 192.168.20.21:59625] AH01215: /lib/i386-linux-gnu/i686/cmov/libc.so.6(__fortify_fail+0x45)[0xb76152d5]
[Sat Jul 18 16:26:29.277400 2015] [cgi:error] [pid 10134] [client 192.168.20.21:59625] AH01215: /lib/i386-linux-gnu/i686/cmov/libc.so.6(+0xf838a)[0xb761338a]
[Sat Jul 18 16:26:29.277458 2015] [cgi:error] [pid 10134] [client 192.168.20.21:59625] AH01215: /lib/i386-linux-gnu/i686/cmov/libc.so.6(+0xf7ae8)[0xb7612ae8]
[Sat Jul 18 16:26:29.277528 2015] [cgi:error] [pid 10134] [client 192.168.20.21:59625] AH01215: /lib/i386-linux-gnu/i686/cmov/libc.so.6(_IO_default_xsputn+0x8e)[0xb758b04e]
[Sat Jul 18 16:26:29.277595 2015] [cgi:error] [pid 10134] [client 192.168.20.21:59625] AH01215: /lib/i386-linux-gnu/i686/cmov/libc.so.6(_IO_vfprintf+0x161c)[0xb755f82c]
[Sat Jul 18 16:26:29.277663 2015] [cgi:error] [pid 10134] [client 192.168.20.21:59625] AH01215: /lib/i386-linux-gnu/i686/cmov/libc.so.6(__vsprintf_chk+0xb4)[0xb7612ba4]
[Sat Jul 18 16:26:29.277729 2015] [cgi:error] [pid 10134] [client 192.168.20.21:59625] AH01215: /lib/i386-linux-gnu/i686/cmov/libc.so.6(__sprintf_chk+0x2f)[0xb7612acf]
[Sat Jul 18 16:26:29.277786 2015] [cgi:error] [pid 10134] [client 192.168.20.21:59625] AH01215: /usr/lib/cgi-bin/nagios3/status.cgi(+0x13215)[0xb7710215]
[Sat Jul 18 16:26:29.277839 2015] [cgi:error] [pid 10134] [client 192.168.20.21:59625] AH01215: /usr/lib/cgi-bin/nagios3/status.cgi(+0xd40f)[0xb770a40f]
[Sat Jul 18 16:26:29.277895 2015] [cgi:error] [pid 10134] [client 192.168.20.21:59625] AH01215: /usr/lib/cgi-bin/nagios3/status.cgi(main+0x19b)[0xb76fe72b]
[Sat Jul 18 16:26:29.277965 2015] [cgi:error] [pid 10134] [client 192.168.20.21:59625] AH01215: /lib/i386-linux-gnu/i686/cmov/libc.so.6(__libc_start_main+0xf3)[0xb7534a63]
[Sat Jul 18 16:26:29.278053 2015] [cgi:error] [pid 10134] [client 192.168.20.21:59625] AH01215: /usr/lib/cgi-bin/nagios3/status.cgi(+0x246c)[0xb76ff46c]
[Sat Jul 18 16:26:29.278086 2015] [cgi:error] [pid 10134] [client 192.168.20.21:59625] AH01215: ======= Memory map: ========
[Sat Jul 18 16:26:29.278159 2015] [cgi:error] [pid 10134] [client 192.168.20.21:59625] AH01215: b7346000-b7362000 r-xp 00000000 08:05 450581     /lib/i386-linux-gnu/libgcc_s.so.1
[Sat Jul 18 16:26:29.278232 2015] [cgi:error] [pid 10134] [client 192.168.20.21:59625] AH01215: b7362000-b7363000 rw-p 0001b000 08:05 450581     /lib/i386-linux-gnu/libgcc_s.so.1
[Sat Jul 18 16:26:29.278303 2015] [cgi:error] [pid 10134] [client 192.168.20.21:59625] AH01215: b7375000-b751a000 r--p 00000000 08:05 247985     /usr/lib/locale/locale-archive
[Sat Jul 18 16:26:29.278365 2015] [cgi:error] [pid 10134] [client 192.168.20.21:59625] AH01215: b751a000-b751b000 rw-p 00000000 00:00 0 
[Sat Jul 18 16:26:29.278444 2015] [cgi:error] [pid 10134] [client 192.168.20.21:59625] AH01215: b751b000-b76bf000 r-xp 00000000 08:05 24619      /lib/i386-linux-gnu/i686/cmov/libc-2.19.so
[Sat Jul 18 16:26:29.278544 2015] [cgi:error] [pid 10134] [client 192.168.20.21:59625] AH01215: b76bf000-b76c1000 r--p 001a4000 08:05 24619      /lib/i386-linux-gnu/i686/cmov/libc-2.19.so
[Sat Jul 18 16:26:29.278629 2015] [cgi:error] [pid 10134] [client 192.168.20.21:59625] AH01215: b76c1000-b76c2000 rw-p 001a6000 08:05 24619      /lib/i386-linux-gnu/i686/cmov/libc-2.19.so
[Sat Jul 18 16:26:29.278670 2015] [cgi:error] [pid 10134] [client 192.168.20.21:59625] AH01215: b76c2000-b76c5000 rw-p 00000000 00:00 0 
[Sat Jul 18 16:26:29.278710 2015] [cgi:error] [pid 10134] [client 192.168.20.21:59625] AH01215: b76ce000-b76cf000 rw-p 00000000 00:00 0 
[Sat Jul 18 16:26:29.278796 2015] [cgi:error] [pid 10134] [client 192.168.20.21:59625] AH01215: b76cf000-b76d6000 r--s 00000000 08:05 264993     /usr/lib/i386-linux-gnu/gconv/gconv-modules.cache
[Sat Jul 18 16:26:29.278836 2015] [cgi:error] [pid 10134] [client 192.168.20.21:59625] AH01215: b76d6000-b76d9000 rw-p 00000000 00:00 0 
[Sat Jul 18 16:26:29.278888 2015] [cgi:error] [pid 10134] [client 192.168.20.21:59625] AH01215: b76d9000-b76da000 r-xp 00000000 00:00 0          [vdso]
[Sat Jul 18 16:26:29.278940 2015] [cgi:error] [pid 10134] [client 192.168.20.21:59625] AH01215: b76da000-b76dc000 r--p 00000000 00:00 0          [vvar]
[Sat Jul 18 16:26:29.279011 2015] [cgi:error] [pid 10134] [client 192.168.20.21:59625] AH01215: b76dc000-b76fb000 r-xp 00000000 08:05 452145     /lib/i386-linux-gnu/ld-2.19.so
[Sat Jul 18 16:26:29.279081 2015] [cgi:error] [pid 10134] [client 192.168.20.21:59625] AH01215: b76fb000-b76fc000 r--p 0001f000 08:05 452145     /lib/i386-linux-gnu/ld-2.19.so
[Sat Jul 18 16:26:29.279151 2015] [cgi:error] [pid 10134] [client 192.168.20.21:59625] AH01215: b76fc000-b76fd000 rw-p 00020000 08:05 452145     /lib/i386-linux-gnu/ld-2.19.so
[Sat Jul 18 16:26:29.279226 2015] [cgi:error] [pid 10134] [client 192.168.20.21:59625] AH01215: b76fd000-b7754000 r-xp 00000000 08:05 360614     /usr/lib/cgi-bin/nagios3/status.cgi
[Sat Jul 18 16:26:29.279300 2015] [cgi:error] [pid 10134] [client 192.168.20.21:59625] AH01215: b7754000-b7755000 r--p 00056000 08:05 360614     /usr/lib/cgi-bin/nagios3/status.cgi
[Sat Jul 18 16:26:29.279374 2015] [cgi:error] [pid 10134] [client 192.168.20.21:59625] AH01215: b7755000-b7756000 rw-p 00057000 08:05 360614     /usr/lib/cgi-bin/nagios3/status.cgi
[Sat Jul 18 16:26:29.279415 2015] [cgi:error] [pid 10134] [client 192.168.20.21:59625] AH01215: b7756000-b775a000 rw-p 00000000 00:00 0 
[Sat Jul 18 16:26:29.279466 2015] [cgi:error] [pid 10134] [client 192.168.20.21:59625] AH01215: b9742000-b9784000 rw-p 00000000 00:00 0          [heap]
[Sat Jul 18 16:26:29.279520 2015] [cgi:error] [pid 10134] [client 192.168.20.21:59625] AH01215: bfd5a000-bfd7b000 rw-p 00000000 00:00 0          [stack]

More information about the Pkg-nagios-devel mailing list