(Fwd) Denial of Service Vulnerability in Nagios

Ethan Galstad nagios at nagios.org
Mon Jul 21 06:59:51 CEST 2003


Anyone have any comments on this?  NRPE doesn't use much other than 
standard socket functions (listen(), accept(), send(), etc.), so I'm 
not sure what I could do other than tell people to run NRPE under 
inetd/xinetd...



------- Forwarded message follows -------
Subject:        	Denial of Service Vulnerability in Nagios
Date sent:      	Fri, 18 Jul 2003 09:18:07 -0700
From:           	"Scott Behm" <sbehm at qualys.com>
To:             	<nagios at nagios.org>, <security at nagios.org>
Copies to:      	"Gerhard Eschelbeck" <geschelbeck at qualys.com>,
	"support-team" <support-team at qualys.com>


Nagios Security Team,

Qualys has identified a denial of service vulnerability in Nagios 
Remote Plugin Executor v1.5 - 1.8, which has adversely affected our 
common customers. Enclosed is a draft copy of the Qualys Security 
Advisory. Please review and provide us with the following 
information: 

o Issue Resolution -- If Nagios is able to resolve the issue, please 
provide resolution details. Our common customers will be notified 
and Qualys Security Advisory QSA-2003-07-17 will not be required. 

o Tracking Number -- If Nagios has a fix in process, please provide 
a tracking number that can be shared with our common customers. 

o Comments -- If Nagios is unable to fix the issue, please provide 
comments, work-around or other input to be included in the Comments 
Section of Qualys Security Advisory QSA-2003-07.17.

Please contact me at your earliest convenience. I look forward to 
hearing from you soon. 

Sincerely, 

Scott Behm 
Scanner Program Manager
Qualys, Inc. 
(650)801-6132
sbehm at qualys.com


------- End of forwarded message -------

Ethan Galstad,
Nagios Developer
---
Email: nagios at nagios.org
Website: http://www.nagios.org


