[Pkg-nagios-devel] Bug#849417: nagios-nrpe-server: segfault during SSL negotiation with older NRPE 2.15 plugin
Adam Di Carlo
adam at onshored.com
Mon Dec 26 20:06:34 UTC 2016
Package: nagios-nrpe-server
Version: 3.0.1-3
Severity: normal
Given a situation where a debian/stable (Jessie) server is polling an
NRPE node running the latest unstable NRPE server, with all debugging
enabled (ssl_logging=-1), I am getting the following segfault, as reported in
/var/log/syslog:
Dec 26 14:49:38 salsa nrpe[14736]: Connection from 192.168.1.5 port 59564
Dec 26 14:49:38 salsa nrpe[14736]: Host address is in allowed_hosts
Dec 26 14:49:38 salsa kernel: [176235.037105] nrpe[14736]: segfault at 50000335 ip 00007fd44f408496 sp 00007ffd5abfb418 error 4 in libc-2.24.so[7fd44f388000+195000]
However, if I rachet down the SSL debugging, e.g., ssl_logging=0x03,
the segfault disappears.
-- System Information:
Debian Release: stretch/sid
APT prefers testing
APT policy: (1001, 'testing'), (300, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.8.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages nagios-nrpe-server depends on:
ii adduser 3.115
ii init-system-helpers 1.46
ii libc6 2.24-8
ii libssl1.0.2 1.0.2j-4
ii libwrap0 7.6.q-25
ii lsb-base 9.20161125
Versions of packages nagios-nrpe-server recommends:
ii monitoring-plugins 2.2-2
ii monitoring-plugins-basic 2.2-2
Versions of packages nagios-nrpe-server suggests:
pn xinetd | inetd <none>
-- Configuration Files:
/etc/default/nagios-nrpe-server changed:
USE_SSL=1
/etc/nagios/nrpe.cfg changed:
log_facility=daemon
debug=1
pid_file=/var/run/nagios/nrpe.pid
server_port=5666
nrpe_user=nagios
nrpe_group=nagios
allowed_hosts=127.0.0.1,192.168.1.5
dont_blame_nrpe=1
allow_bash_command_substitution=0
command_timeout=60
connection_timeout=300
ssl_version=SSLv2+
ssl_logging=-1
command[check_users]=/usr/lib/nagios/plugins/check_users -w 5 -c 10
command[check_load]=/usr/lib/nagios/plugins/check_load -w 15,10,5 -c 30,25,20
command[check_hda1]=/usr/lib/nagios/plugins/check_disk -w 20% -c 10% -p /dev/hda1
command[check_zombie_procs]=/usr/lib/nagios/plugins/check_procs -w 5 -c 10 -s Z
command[check_total_procs]=/usr/lib/nagios/plugins/check_procs -w 150 -c 200
include=/etc/nagios/nrpe_local.cfg
include_dir=/etc/nagios/nrpe.d/
/etc/nagios/nrpe_local.cfg changed:
include=/etc/shared/nagios/nrpe.cfg
command[check_swap]=/usr/lib/nagios/plugins/check_dummy 0
command[check_total_procs]=/usr/lib/nagios/plugins/check_procs -w 800 -c 1200
command[check_users]=/usr/lib/nagios/plugins/check_users -w 60 -c 100
-- no debconf information
More information about the Pkg-nagios-devel
mailing list