Family: Ubuntu Local Security Checks --> Category: infos
USN282-1 : nagios vulnerability Vulnerability Scan
Vulnerability Scan Summary nagios vulnerability
Detailed Explanation for this Vulnerability Test
Synopsis :
These remote packages are missing security patches :
- nagios-common
- nagios-mysql
- nagios-pgsql
- nagios-text
Description :
The nagios CGI scripts did not sufficiently check the validity of the
HTTP Content-Length attribute. By sending a specially crafted HTTP
request with a negative Content-Length value to the Nagios server, a
remote attacker could exploit this to execute arbitrary code with web
server rights.
Please note that the Apache 2 web server already checks for valid
Content-Length values, so installations using Apache 2 (the only web
server officially supported in Ubuntu) are not vulnerable to this
flaw.
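An added example (not Nagios code and not part of the advisory) of the Content-Length validation the description says was missing, as a C CGI program would do it before allocating and reading a POST body. The function names and the 64 KiB body cap are assumptions chosen for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_BODY_BYTES 65536L   /* assumed upper bound for a form POST */

/* Parse a Content-Length value. Returns 0 and stores the length in *out,
 * or -1 if the value is missing, signed, non-numeric, or too large. */
int parse_content_length(const char *value, size_t *out)
{
    const char *p;
    long n;

    if (value == NULL || *value == '\0')
        return -1;
    /* Digits only: this rejects "-1", "+5", leading spaces and "0x10". */
    for (p = value; *p != '\0'; p++)
        if (*p < '0' || *p > '9')
            return -1;
    errno = 0;
    n = strtol(value, NULL, 10);
    if (errno == ERANGE || n > MAX_BODY_BYTES)
        return -1;              /* overflowed long or exceeds the cap */
    *out = (size_t)n;
    return 0;
}

/* Read exactly the declared number of body bytes, or return NULL. */
char *read_post_body(const char *content_length, FILE *in, size_t *len_out)
{
    size_t len;
    char *buf;

    if (parse_content_length(content_length, &len) != 0)
        return NULL;            /* never size a buffer from a bad value */
    if ((buf = malloc(len + 1)) == NULL)
        return NULL;
    if (fread(buf, 1, len, in) != len) { free(buf); return NULL; }
    buf[len] = '\0';
    *len_out = len;
    return buf;
}

int main(void)
{
    size_t len = 0;
    /* CGI passes the request header in the CONTENT_LENGTH variable. */
    char *body = read_post_body(getenv("CONTENT_LENGTH"), stdin, &len);
    if (body == NULL) { puts("Status: 400 Bad Request\r\n\r"); return 1; }
    printf("Content-Type: text/plain\r\n\r\nread %lu bytes\n", (unsigned long)len);
    free(body);
    return 0;
}
```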
Solution :
Upgrade to :
- nagios-common-1.3-cvs.20050402-4ubuntu3.1 (Ubuntu 5.10)
- nagios-mysql-1.3-cvs.20050402-4ubuntu3.1 (Ubuntu 5.10)
- nagios-pgsql-1.3-cvs.20050402-4ubuntu3.1 (Ubuntu 5.10)
- nagios-text-1.3-cvs.20050402-4ubuntu3.1 (Ubuntu 5.10)
Threat Level: High