Re: [Nagios-users] Nagios Exploit

Fri, 11 Jan 2013 11:32:03 -0800

Fixed in the Nagios 3.4.4 release candidate, as well as in the Core 4 trunk. Announced last week: 


All,

I have uploaded a release candidate tarball for Nagios Core 3.4.4 to
SourceForge. If you are so inclined, please download a copy from
https://sourceforge.net/projects/nagios/files/nagios-3.x/nagios-3.4.4/ and give it a test run. Any feedback would be appreciated. I plan to 
create the release mid-week next week.

The change log is as follows:

* Fixed bug #408: service checks get duplicated on reload (Eric Stanley)
* Fixed bug #401: segmentation fault on Solaris when parsing unknown
timeperiod directives. (Eric Stanley)
* Added NULL pointer checks to CGI code. (Eric Stanley)
* Fixed buffer overflow vulnerability in CGI code. Thanks to Neohapsis
(http://archives.neohapsis.com/archives/fulldisclosure/2012-12/0108.html) for
finding this. (Eric Stanley)

Thanks,

Eric






On 1/11/2013 11:58 AM, Leonardo - Mandic wrote:

Hello,

Anybody have more informations about this exploit of Nagios?

http://pastebin.com/FJUNyTaj

Leonardo


------------------------------------------------------------------------------
Master HTML5, CSS3, ASP.NET, MVC, AJAX, Knockout.js, Web API and
much more. Get web development skills now with LearnDevNow -
350+ hours of step-by-step video tutorials by Microsoft MVPs and experts.
SALE $99.99 this month only -- learn more at:
http://p.sf.net/sfu/learnmore_122812


_______________________________________________
Nagios-users mailing list
Nagios-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting 
any issue.
::: Messages without supporting info will risk being sent to /dev/null



--


Mike Guthrie
Technical Team
___
Nagios Enterprises, LLC
Email:  mguth...@nagios.com
Web:    www.nagios.com


------------------------------------------------------------------------------
Master HTML5, CSS3, ASP.NET, MVC, AJAX, Knockout.js, Web API and
much more. Get web development skills now with LearnDevNow -
350+ hours of step-by-step video tutorials by Microsoft MVPs and experts.
SALE $99.99 this month only -- learn more at:
http://p.sf.net/sfu/learnmore_122812
_______________________________________________
Nagios-users mailing list
Nagios-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting 
any issue. 
::: Messages without supporting info will risk being sent to /dev/null

Reply via email to