Ubuntu Security Notice USN-532-1
22nd October, 2007
nagios-plugins vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 6.06 LTS
Software description
- nagios-plugins
Details
Nobuhiro Ban discovered that check_http in nagios-plugins did
not properly sanitize its input when following redirection
requests. A malicious remote web server could cause a denial
of service or possibly execute arbitrary code as the user.
(CVE-2007-5198)
Aravind Gottipati discovered that sslutils.c in nagios-plugins
did not properly reset pointers to NULL. A malicious remote web
server could cause a denial of service.
Aravind Gottipati discovered that check_http in nagios-plugins
did not properly calculate how much memory to reallocate when
following redirection requests. A malicious remote web server
could cause a denial of service.
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 6.06 LTS:
- nagios-plugins 1.4.2-5ubuntu3.1
- nagios-plugins-basic 1.4.2-5ubuntu3.1
- nagios-plugins-standard 1.4.2-5ubuntu3.1
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system upgrade is sufficient to effect the
necessary changes.