Nagios Exploit

Esteban Monge esteban at nuevaeralatam.com
Sat Jan 12 16:48:24 CET 2013


> Fixed in the Nagios 3.4.4 release candidate, as well as in the Core 4
> trunk. Announced last week:
>
>> All,
>>
>> I have uploaded a release candidate tarball for Nagios Core 3.4.4 to
>> SourceForge. If you are so inclined, please download a copy from
>> https://sourceforge.net/projects/nagios/files/nagios-3.x/nagios-3.4.4/
>> and give it a test run. Any feedback would be appreciated. I plan to
>> create the release mid-week next week.
>>
>> The change log is as follows:
>>
>> * Fixed bug #408: service checks get duplicated on reload (Eric Stanley)
>> * Fixed bug #401: segmentation fault on Solaris when parsing unknown
>> timeperiod directives. (Eric Stanley)
>> * Added NULL pointer checks to CGI code. (Eric Stanley)
>> * Fixed buffer overflow vulnerability in CGI code. Thanks to Neohapsis
>> (http://archives.neohapsis.com/archives/fulldisclosure/2012-12/0108.html)
>> for
>> finding this. (Eric Stanley)
>>
>> Thanks,
>>
>> Eric
>

In security concerns is a good practice put versions affected. What
versions are affected?

>
>
>
>
> On 1/11/2013 11:58 AM, Leonardo - Mandic wrote:
>> Hello,
>>
>> Anybody have more informations about this exploit of Nagios?
>>
>> http://pastebin.com/FJUNyTaj
>>
>> Leonardo
>>
>>
>> ------------------------------------------------------------------------------
>> Master HTML5, CSS3, ASP.NET, MVC, AJAX, Knockout.js, Web API and
>> much more. Get web development skills now with LearnDevNow -
>> 350+ hours of step-by-step video tutorials by Microsoft MVPs and
>> experts.
>> SALE $99.99 this month only -- learn more at:
>> http://p.sf.net/sfu/learnmore_122812
>>
>>
>> _______________________________________________
>> Nagios-users mailing list
>> Nagios-users at lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/nagios-users
>> ::: Please include Nagios version, plugin version (-v) and OS when
>> reporting any issue.
>> ::: Messages without supporting info will risk being sent to /dev/null
>
>
> --
>
>
> Mike Guthrie
> Technical Team
> ___
> Nagios Enterprises, LLC
> Email:  mguthrie at nagios.com
> Web:    www.nagios.com
>
> ------------------------------------------------------------------------------
> Master HTML5, CSS3, ASP.NET, MVC, AJAX, Knockout.js, Web API and
> much more. Get web development skills now with LearnDevNow -
> 350+ hours of step-by-step video tutorials by Microsoft MVPs and experts.
> SALE $99.99 this month only -- learn more at:
> http://p.sf.net/sfu/learnmore_122812_______________________________________________
> Nagios-users mailing list
> Nagios-users at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagios-users
> ::: Please include Nagios version, plugin version (-v) and OS when
> reporting any issue.
> ::: Messages without supporting info will risk being sent to /dev/null



------------------------------------------------------------------------------
Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
MVPs and experts. SALE $99.99 this month only -- learn more at:
http://p.sf.net/sfu/learnmore_122912
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null





More information about the Users mailing list