(Fwd) Denial of Service Vulnerability in Nagios
Ethan Galstad
nagios at nagios.org
Mon Jul 21 06:59:51 CEST 2003
Anyone have any comments on this? NRPE doesn't use much other than
standard socket functions (listen(), accept(), send(), etc.), so I'm
not sure what I could do other than tell people to run NRPE under
inetd/xinetd...
------- Forwarded message follows -------
Subject: Denial of Service Vulnerability in Nagios
Date sent: Fri, 18 Jul 2003 09:18:07 -0700
From: "Scott Behm" <sbehm at qualys.com>
To: <nagios at nagios.org>, <security at nagios.org>
Copies to: "Gerhard Eschelbeck" <geschelbeck at qualys.com>,
"support-team" <support-team at qualys.com>
Nagios Security Team,
Qualys has identified a denial of service vulnerability in Nagios
Remote Plugin Executor v1.5 1.8, which has adversely affected our
common customers. Enclosed is a draft copy of the Qualys Security
Advisory. Please review and provide us with the following
information:
o Issue Resolution -- If Nagios is able to resolve the issue, please
provide resolution details. Our common customers will be notified
and Qualys Security Advisory QSA-2003-07-17 will not be required.
o Tracking Number -- If Nagios has a fix in process, please provide
a tracking number that can be shared with our common customers.
o Comments If Nagios is unable to fix the issue, please provide
comments, work-around or other input to be included in the Comments
Section of Qualys Security Advisory QSA-2003-07.17.
Please contact me at your earliest convenience. I look forward to
hearing from you soon.
Sincerely,
Scott Behm
Scanner Program Manager
Qualys, Inc.
(650)801-6132
sbehm at qualys.com
------- End of forwarded message -------
Ethan Galstad,
Nagios Developer
---
Email: nagios at nagios.org
Website: http://www.nagios.org
-------------------------------------------------------
This SF.net email is sponsored by: VM Ware
With VMware you can run multiple operating systems on a single machine.
WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the
same time. Free trial click here: http://www.vmware.com/wl/offer/345/0
More information about the Developers
mailing list