Upstream information

CVE-2006-2489 at MITRE

Description

Integer overflow in CGI scripts in Nagios 1.x before 1.4.1 and 2.x before 2.3.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a content length (Content-Length) HTTP header. NOTE: this is a different vulnerability than CVE-2006-2162.

SUSE information

Overall state of this security issue: Ignore

This issue is currently rated as having important severity.

CVSS v2 Scores (National Vulnerability Database)

Base Score: 7.5
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Access Vector: Network
Access Complexity: Low
Authentication: None
Confidentiality Impact: Partial
Integrity Impact: Partial
Availability Impact: Partial

Note from the SUSE Security Team

Only SLES 9 is affected by this specific issue.

We evaluated the problem and found that the integer overflow will not cause allocations smaller than the passed content_length.

First, values less than 0 are already checked.

Second, as there is only an addition of 1, only INT_MAX overflows the integer addition.

As malloc takes at least an unsigned integer and content_length is a signed integer, the signed-to-unsigned integer promotion in the code generated by the compiler means that on all supported platforms a positive value greater than INT_MAX results if INT_MAX is passed in, and malloc will either fail or allocate INT_MAX+1 bytes of memory.

This means none of our platforms is affected by this issue.
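
The size calculation reasoned about in the note above, as an added example (not code from Nagios or from SUSE). It assumes the allocation has the form malloc(content_length + 1) and a 32-bit int; the function names and MAX_BODY are hypothetical.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical cap on a CGI request body; not a value from Nagios. */
#define MAX_BODY (1 << 20)

/* Size that reaches malloc() for the assumed pattern
 * malloc(content_length + 1) with a signed int content_length.
 * Signed overflow is undefined in C, so the two's-complement wrap the
 * note reasons about is modelled in a wider type instead of executed.
 * Returns 0 for negative input, which the note says is already rejected. */
size_t size_seen_by_malloc(int content_length)
{
    if (content_length < 0)
        return 0;
    long long sum = (long long)content_length + 1;  /* exact, no overflow */
    if (sum > INT_MAX)
        sum -= (long long)UINT_MAX + 1;              /* wraps to INT_MIN */
    return (size_t)sum;      /* negative -> size_t conversion is modular */
}

/* Hardened form: bound the length first, then do the +1 in size_t.
 * Returns 0 and sets *out on success, -1 if the length is rejected. */
int checked_alloc_size(int content_length, size_t *out)
{
    if (content_length < 0 || content_length > MAX_BODY)
        return -1;
    *out = (size_t)content_length + 1;
    return 0;
}

int main(void)
{
    size_t n = 0;
    printf("len=100     -> malloc(%zu)\n", size_seen_by_malloc(100));
    printf("len=INT_MAX -> malloc(%zu)\n", size_seen_by_malloc(INT_MAX));
    printf("checked(INT_MAX) = %d\n", checked_alloc_size(INT_MAX, &n));
    return 0;
}
```

With INT_MAX the modelled request is larger than INT_MAX on both 32-bit and 64-bit size_t, so the buffer is never smaller than content_length; the bounded variant rejects such a length before any arithmetic.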

SUSE Bugzilla entry: 140494 [RESOLVED / FIXED]

No SUSE Security Announcements cross referenced.