漏洞信息详情
Nagios CGI脚本 整数溢出漏洞
- CNNVD编号:CNNVD-200605-373 <!--
- 危害等级: 高危-->
- 危害等级: 高危
- CVE编号: CVE-2006-2489
- 漏洞类型: 缓冲区溢出
- 发布时间: 2006-05-19
- 威胁类型: 远程
- 更新时间: 2006-05-22
- 厂 商: nagios
- 漏洞来源: Sean Finney and De...
-
漏洞简介
Nagios 1.4.1之前的1.x 和2.3.1 之前的2.x版本的CGI脚本存在整数溢出。远程攻击者可以借助内容长度(Content-Length) HTTP标头,引起拒绝服务(崩溃)并可能执行任意代码。
漏洞公告
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接: Nagios Nagios 2.2 Nagios nagios-2.3.1.tar.gz http://prdownloads.sourceforge.net/nagios/nagios-2.3.1.tar.gz?download Nagios Nagios 1.4 Nagios nagios-1.4.1.tar.gz http://prdownloads.sourceforge.net/nagios/nagios-1.4.1.tar.gz?download Nagios Nagios 1.3 Debian nagios-common_1.3-cvs.20050402-2.sarge.2_all.deb Debian GNU/Linux 3.1 alias sarge http://security.debian.org/pool/updates/main/n/nagios/nagios-common_1. 3-cvs.20050402-2.sarge.2_all.deb Debian nagios-mysql_1.3-cvs.20050402-2.sarge.2_alpha.deb Debian GNU/Linux 3.1 alias sarge http://security.debian.org/pool/updates/main/n/nagios/nagios-mysql_1.3 -cvs.20050402-2.sarge.2_alpha.deb Debian nagios-mysql_1.3-cvs.20050402-2.sarge.2_amd64.deb Debian GNU/Linux 3.1 alias sarge http://security.debian.org/pool/updates/main/n/nagios/nagios-mysql_1.3 -cvs.20050402-2.sarge.2_amd64.deb Debian nagios-mysql_1.3-cvs.20050402-2.sarge.2_arm.deb Debian GNU/Linux 3.1 alias sarge http://security.debian.org/pool/updates/main/n/nagios/nagios-mysql_1.3 -cvs.20050402-2.sarge.2_arm.deb Debian nagios-mysql_1.3-cvs.20050402-2.sarge.2_hppa.deb Debian GNU/Linux 3.1 alias sarge http://security.debian.org/pool/updates/main/n/nagios/nagios-mysql_1.3 -cvs.20050402-2.sarge.2_hppa.deb Debian nagios-mysql_1.3-cvs.20050402-2.sarge.2_i386.deb Debian GNU/Linux 3.1 alias sarge http://security.debian.org/pool/updates/main/n/nagios/nagios-mysql_1.3 -cvs.20050402-2.sarge.2_i386.deb Debian nagios-mysql_1.3-cvs.20050402-2.sarge.2_ia64.deb Debian GNU/Linux 3.1 alias sarge http://security.debian.org/pool/updates/main/n/nagios/nagios-mysql_1.3 -cvs.20050402-2.sarge.2_ia64.deb Debian nagios-mysql_1.3-cvs.20050402-2.sarge.2_m68k.deb Debian GNU/Linux 3.1 alias sarge http://security.debian.org/pool/updates/main/n/nagios/nagios-mysql_1.3 -cvs.20050402-2.sarge.2_m68k.deb Debian nagios-mysql_1.3-cvs.20050402-2.sarge.2_mips.deb Debian GNU/Linux 3.1 alias sarge http://security.debian.org/pool/updates/main/n/nagios/nagios-mysql_1.3 -cvs.20050402-2.sarge.2_mips.deb Debian nagios-mysql_1.3-cvs.20050402-2.sarge.2_mipsel.deb Debian GNU/Linux 3.1 alias sarge http://security.debian.org/pool/updates/main/n/nagios/nagios-mysql_1.3 -cvs.20050402-2.sarge.2_mipsel.deb Debian nagios-mysql_1.3-cvs.20050402-2.sarge.2_powerpc.deb Debian GNU/Linux 3.1 alias sarge http://security.debian.org/pool/updates/main/n/nagios/nagios-mysql_1.3 -cvs.20050402-2.sarge.2_powerpc.deb Debian nagios-mysql_1.3-cvs.20050402-2.sarge.2_s390.deb Debian GNU/Linux 3.1 alias sarge http://security.debian.org/pool/updates/main/n/nagios/nagios-mysql_1.3 -cvs.20050402-2.sarge.2_s390.deb Debian nagios-mysql_1.3-cvs.20050402-2.sarge.2_sparc.deb Debian GNU/Linux 3.1 alias sarge http://security.debian.org/pool/updates/main/n/nagios/nagios-mysql_1.3 -cvs.20050402-2.sarge.2_sparc.deb Debian nagios-pgsql_1.3-cvs.20050402-2.sarge.2_alpha.deb Debian GNU/Linux 3.1 alias sarge http://security.debian.org/pool/updates/main/n/nagios/nagios-pgsql_1.3 -cvs.20050402-2.sarge.2_alpha.deb Debian nagios-pgsql_1.3-cvs.20050402-2.sarge.2_amd64.deb Debian GNU/Linux 3.1 alias sarge http://security.debian.org/pool/updates/main/n/nagios/nagios-pgsql_1.3 -cvs.20050402-2.sarge.2_amd64.deb Debian nagios-pgsql_1.3-cvs.20050402-2.sarge.2_arm.deb Debian GNU/Linux 3.1 alias sarge http://security.debian.org/pool/updates/main/n/nagios/nagios-pgsql_1.3 -cvs.20050402-2.sarge.2_arm.deb Debian nagios-pgsql_1.3-cvs.20050402-2.sarge.2_hppa.deb Debian GNU/Linux 3.1 alias sarge http://security.debian.org/pool/updates/main/n/nagios/nagios-pgsql_1.3 -cvs.20050402-2.sarge.2_hppa.deb Debian nagios-pgsql_1.3-cvs.20050402-2.sarge.2_i386.deb Debian GNU/Linux 3.1 alias sarge http://security.debian.org/pool/updates/main/n/nagios/nagios-pgsql_1.3 -cvs.20050402-2.sarge.2_i386.deb Debian nagios-pgsql_1.3-cvs.20050402-2.sarge.2_ia64.deb Debian GNU/Linux 3.1 alias sarge http://security.debian.org/pool/updates/main/n/nagios/nagios-pgsql_1.3 -cvs.20050402-2.sarge.2_ia64.deb Debian nagios-pgsql_1.3-cvs.20050402-2.sarge.2_m68k.deb Debian GNU/Linux 3.1 alias sarge http://security.debian.org/pool/updates/main/n/nagios/nagios-pgsql_1.3 -cvs.20050402-2.sarge.2_m68k.deb Debian nagios-pgsql_1.3-cvs.20050402-2.sarge.2_mips.deb Debian GNU/Linux 3.1 alias sarge http://security.debian.org/pool/updates/main/n/nagios/nagios-pgsql_1.3 -cvs.20050402-2.sarge.2_mips.deb Debian nagios-pgsql_1.3-cvs.20050402-2.sarge.2_mipsel.deb Debian GNU/Linux 3.1 alias sarge http://security.debian.org/pool/updates/main/n/nagios/nagios-pgsql_1.3 -cvs.20050402-2.sarge.2_mipsel.deb Debian nagios-pgsql_1.3-cvs.20050402-2.sarge.2_powerpc.deb Debian GNU/Linux 3.1 alias sarge http://security.debian.org/pool/updates/main/n/nagios/nagios-pgsql_1.3 -cvs.20050402-2.sarge.2_powerpc.deb Debian nagios-pgsql_1.3-cvs.20050402-2.sarge.2_s390.deb Debian GNU/Linux 3.1 alias sarge http://security.debian.org/pool/updates/main/n/nagios/nagios-pgsql_1.3 -cvs.20050402-2.sarge.2_s390.deb Debian nagios-pgsql_1.3-cvs.20050402-2.sarge.2_sparc.deb Debian GNU/Linux 3.1 alias sarge http://security.debian.org/pool/updates/main/n/nagios/nagios-pgsql_1.3 -cvs.20050402-2.sarge.2_sparc.deb Debian nagios-text_1.3-cvs.20050402-2.sarge.2_alpha.deb Debian GNU/Linux 3.1 alias sarge http://security.debian.org/pool/updates/main/n/nagios/nagios-text_1.3- cvs.20050402-2.sarge.2_alpha.deb Debian nagios-text_1.3-cvs.20050402-2.sarge.2_amd64.deb Debian GNU/Linux 3.1 alias sarge http://security.debian.org/pool/updates/main/n/nagios/nagios-text_1.3- cvs.20050402-2.sarge.2_amd64.deb Debian nagios-text_1.3-cvs.20050402-2.sarge.2_arm.deb Debian GNU/Linux 3.1 alias sarge http://security.debian.org/pool/updates/main/n/nagios/nagios-text_1.3- cvs.20050402-2.sarge.2_arm.deb Debian nagios-text_1.3-cvs.20050402-2.sarge.2_hppa.deb Debian GNU/Linux 3.1 alias sarge http://security.debian.org/pool/updates/main/n/nagios/nagios-text_1.3- cvs.20050402-2.sarge.2_hppa.deb Debian nagios-text_1.3-cvs.20050402-2.sarge.2_i386.deb Debian GNU/Linux 3.1 alias sarge http://security.debian.org/pool/updates/main/n/nagios/nagios-text_1.3- cvs.20050402-2.sarge.2_i386.deb Debian nagios-text_1.3-cvs.20050402-2.sarge.2_ia64.deb Debian GNU/Linux 3.1 alias sarge http://security.debian.org/pool/updates/main/n/nagios/nagios-text_1.3- cvs.20050402-2.sarge.2_ia64.deb Debian nagios-text_1.3-cvs.20050402-2.sarge.2_m68k.deb Debian GNU/Linux 3.1 alias sarge http://security.debian.org/pool/updates/main/n/nagios/nagios-text_1.3- cvs.20050402-2.sarge.2_m68k.deb Debian nagios-text_1.3-cvs.20050402-2.sarge.2_mips.deb Debian GNU/Linux 3.1 alias sarge http://security.debian.org/pool/updates/main/n/nagios/nagios-text_1.3- cvs.20050402-2.sarge.2_mips.deb Debian nagios-text_1.3-cvs.20050402-2.sarge.2_mipsel.deb Debian GNU/Linux 3.1 alias sarge http://security.debian.org/pool/updates/main/n/nagios/nagios-text_1.3- cvs.20050402-2.sarge.2_mipsel.deb Debian nagios-text_1.3-cvs.20050402-2.sarge.2_powerpc.deb Debian GNU/Linux 3.1 alias sarge http://security.debian.org/pool/updates/main/n/nagios/nagios-text_1.3- cvs.20050402-2.sarge.2_powerpc.deb Debian nagios-text_1.3-cvs.20050402-2.sarge.2_s390.deb Debian GNU/Linux 3.1 alias sarge http://security.debian.org/pool/updates/main/n/nagios/nagios-text_1.3- cvs.20050402-2.sarge.2_s390.deb Debian nagios-text_1.3-cvs.20050402-2.sarge.2_sparc.deb Debian GNU/Linux 3.1 alias sarge http://security.debian.org/pool/updates/main/n/nagios/nagios-text_1.3- cvs.20050402-2.sarge.2_sparc.deb Nagios nagios-1.4.1.tar.gz http://prdownloads.sourceforge.net/nagios/nagios-1.4.1.tar.gz?download Ubuntu nagios-common_1.3-0+pre6ubuntu0.2_all.deb Ubuntu 5.04: http://security.ubuntu.com/ubuntu/pool/main/n/nagios/nagios-common_1.3 -0+pre6ubuntu0.2_all.deb Ubuntu nagios-common_1.3-cvs.20050402-4ubuntu3.2_all.deb Ubuntu 5.10: http://security.ubuntu.com/ubuntu/pool/main/n/nagios/nagios-common_1.3 -cvs.20050402-4ubuntu3.2_all.deb Ubuntu nagios-mysql_1.3-0+pre6ubuntu0.2_amd64.deb Ubuntu 5.04: http://security.ubuntu.com/ubuntu/pool/main/n/nagios/nagios-mysql_1.3- 0+pre6ubuntu0.2_amd64.deb Ubuntu nagios-mysql_1.3-0+pre6ubuntu0.2_i386.deb Ubuntu 5.04: http://security.ubuntu.com/ubuntu/pool/main/n/nagios/na
参考网址
来源: VUPEN
名称: ADV-2006-1822
链接:http://www.frsirt.com/english/advisories/2006/1822
来源: SECUNIA
名称: 20123
链接:http://secunia.com/advisories/20123
来源: www.nagios.org
链接:http://www.nagios.org/development/changelog.php
来源: XF
名称: nagios-contentlength-overflow(26454)
链接:http://xforce.iss.net/xforce/xfdb/26454
来源: UBUNTU
名称: USN-287-1
链接:http://www.ubuntulinux.org/support/documentation/usn/usn-287-1
来源: BID
名称: 18059
链接:http://www.securityfocus.com/bid/18059
来源: GENTOO
名称: GLSA-200605-07
链接:http://www.gentoo.org/security/en/glsa/glsa-200605-07.xml
来源: DEBIAN
名称: DSA-1072
链接:http://www.debian.org/security/2006/dsa-1072
来源: SECUNIA
名称: 20313
链接:http://secunia.com/advisories/20313
来源: SECUNIA
名称: 20247
链接:http://secunia.com/advisories/20247
受影响实体
- Nagios Nagios:1.0<!--2000-1-1-->
- Nagios Nagios:1.0b1<!--2000-1-1-->
- Nagios Nagios:1.0b2<!--2000-1-1-->
- Nagios Nagios:1.0b3<!--2000-1-1-->
- Nagios Nagios:1.0b4<!--2000-1-1-->
补丁
暂无
还没有评论,来说两句吧...