Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200605-07] Nagios: Buffer overflow Vulnerability Scan
Vulnerability Scan Summary Nagios: Buffer overflow
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200605-07
(Nagios: Buffer overflow)
Sebastian Krahmer of the SuSE security team discovered a buffer
overflow vulnerability in the handling of a negative HTTP
Content-Length header.
Impact
A buffer overflow in Nagios CGI scripts under certain web servers
allows remote attackers to execute arbitrary code via a negative
HTTP Content-Length header.
Workaround
There is no known workaround at this time.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2162
Solution:
All Nagios users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-analyzer/nagios-core-1.4"
Threat Level: High