Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: Ubuntu Local Security Checks --> Category: infos

USN282-1 : nagios vulnerability Vulnerability Scan

Vulnerability Scan Summary
nagios vulnerability

Detailed Explanation for this Vulnerability Test

Synopsis :

These remote packages are missing security patches :
- nagios-common
- nagios-mysql
- nagios-pgsql
- nagios-text

Description :

The nagios CGI scripts did not sufficiently check the validity of the
HTTP Content-Length attribute. By sending a specially crafted HTTP
request with a negative Content-Length value to the Nagios server, a
remote attacker could exploit this to execute arbitrary code with web
server rights.

Please note that the Apache 2 web server already checks for valid
Content-Length values, so installations using Apache 2 (the only web
server officially supported in Ubuntu) are not vulnerable to this

Solution :

Upgrade to :
- nagios-common-1.3-cvs.20050402-4ubuntu3.1 (Ubuntu 5.10)
- nagios-mysql-1.3-cvs.20050402-4ubuntu3.1 (Ubuntu 5.10)
- nagios-pgsql-1.3-cvs.20050402-4ubuntu3.1 (Ubuntu 5.10)
- nagios-text-1.3-cvs.20050402-4ubuntu3.1 (Ubuntu 5.10)

Threat Level: High

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.