Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Linux :: Ubuntu :: b06-2564.htm

Nagios vulnerability

Nagios vulnerability
Nagios vulnerability

Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

==========================================================Ubuntu Security Notice USN-287-1	       May 29, 2006
nagios vulnerability
A security issue affects the following Ubuntu releases:

Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)

The following packages are affected:


The problem can be corrected by upgrading the affected package to
version 2:1.3-0+pre6ubuntu0.2 (for Ubuntu 5.04), or
2:1.3-cvs.20050402-4ubuntu3.2 (for Ubuntu 5.10).  In general, a
standard system upgrade is sufficient to effect the necessary changes.

Details follow:

The nagios CGI scripts did not sufficiently check the validity of the
HTTP Content-Length attribute. By sending a specially crafted HTTP
request with an invalidly large Content-Length value to the Nagios
server, a remote attacker could exploit this to execute arbitrary code
with web server privileges.

Please note that the Apache 2 web server already checks for valid
Content-Length values, so installations using Apache 2 (the only web
server officially supported in Ubuntu) are not vulnerable to this

Updated packages for Ubuntu 5.04:

  Source archives: 
      Size/MD5:    80449 1af54c94d8119c7838dd5daed1e50c9b 
      Size/MD5:     1010 7ce12d54ea17c24c898346995397e069 
      Size/MD5:  1625322 414d70e5269d5b8d7c21bf3ee129309f

  Architecture independent packages: 
      Size/MD5:  1213320 bb517ad62a0b4515b677fffa556086f9

  amd64 architecture (Athlon64, Opteron, EM64T Xeon) 
      Size/MD5:   994506 a5115aa68e435a3727f066addedb20c7 
      Size/MD5:  1006602 29d2add2204db681b02c6345bb23c8ee 
      Size/MD5:   976218 026ea6069f7e240c501e40cc45d995a4

  i386 architecture (x86 compatible Intel/AMD) 
      Size/MD5:   872622 88340a6009fa9ca6e19d1d83967d47d0 
      Size/MD5:   882350 26502350bfee23fbf3bba4297d4f73c1 
      Size/MD5:   857930 f8f30305908113a31559f24d11d6d36d

  powerpc architecture (Apple Macintosh G3/G4/G5) 
      Size/MD5:  1003054 5710e195a858bd6e425e302dc1e8268b 
      Size/MD5:  1010828 585a23296ea4a6e29141fa6cc8c6c39e 
      Size/MD5:   970178 bcf95bae9783327b461f6c06dcfd6edb

Updated packages for Ubuntu 5.10:

  Source archives: 
      Size/MD5:    73095 6415cb60826aacb697b6d5e8e2ce2987 
      Size/MD5:     1039 40c86a1a990d82fa0c5608ad6d73c0d5 
      Size/MD5:  1621251 0f92b7b8e705411b7881d3650cbb5d56

  Architecture independent packages: 
      Size/MD5:  1221338 8242fbb490a4f669f3f06eddb2b6439e

  amd64 architecture (Athlon64, Opteron, EM64T Xeon) 
      Size/MD5:  1030086 4833dee00a8e7dd04469fcda70184cf6 
      Size/MD5:  1041982 bfe2bee8ee08e6e45cce8bf905736e3b 
      Size/MD5:  1025714 c3f7679dd7e03cc7ef91178bb8943af1

  i386 architecture (x86 compatible Intel/AMD) 
      Size/MD5:   879066 4c9e26642676ae206c90cd68b44ec538 
      Size/MD5:   888082 ce822ce820e27ef762682cd97dbbb337 
      Size/MD5:   873920 3e1d92b025ae309f46b2d691b51db02b

  powerpc architecture (Apple Macintosh G3/G4/G5) 
      Size/MD5:  1016168 11c4008421bfc4e55bea551e2fc8790d 
      Size/MD5:  1025252 6b5d28ba018cb646d8b8841d99d7a728 
      Size/MD5:   993540 a89f026455e66828508e498f1c407356

Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

Version: GnuPG v1.4.2.2 (GNU/Linux)



TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH