sean finney wrote:
hey security team and nagios team,
as reported to us in the bts, the debian nagios packages are vulnerable
to arbitrary code execution via not properly checking the Content-Length
header from client requests.
here are the affected versions afaict:
stable:
severity 366682 important
severity 366683 important
thanks
Hi,
the Ubuntu guys already found out that Apache 2 doesn't accept
requests with negative content length and I just checked that Apache
1.3 doesn't either. I guess this makes this a quite low impact
vulnerability.
as reported to us
Hi Sean!
Sean Finney wrote:
On Thu, May 11, 2006 at 05:46:16PM +0200, Martin Schulze wrote:
- crafting a simple user-agent that can illustrate the vulnerability
by sending a negative or 0 value for content length to a nagios cgi
(it doesn't have to actually inject any shell code or
Package: nagios
Severity: grave
Tags: security
Justification: user security hole
CVE-2006-2162:
Buffer overflow in CGI scripts in Nagios 1.x before 1.4 and 2.x before
2.3 allows remote attackers to execute arbitrary code via a negative
content length (Content-Length) HTTP header.
See
4 matches
Mail list logo