Upstream information

CVE-2007-5198 at MITRE

Description

Buffer overflow in the redir function in check_http.c in Nagios Plugins before 1.4.10, when running with the -f (follow) option, allows remote web servers to execute arbitrary code via Location header responses (redirects) with a large number of leading "L" characters.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

CVSS v2 Scores
  Source: National Vulnerability Database
  • Base Score: 6.8
  • Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: Partial

SUSE Bugzilla entry: 331728 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE LINUX 10.0
  • nagios-plugins >= 1.4.1-2.4
  • nagios-plugins-extras >= 1.4.1-2.4
SUSE LINUX 10.1
  • nagios-plugins >= 1.4.2-16.6
  • nagios-plugins-extras >= 1.4.2-16.6
SUSE LINUX Retail Solution 8
SuSE Linux Enterprise Server 8 for AMD64
SuSE Linux Enterprise Server 8 for IBM iSeries and IBM pSeries
SuSE Linux Enterprise Server 8 for IBM zSeries
SuSE Linux Enterprise Server 8 for IPF
SuSE Linux Openexchange Server 4
SuSE Linux School Server for i386
SuSE Linux Standard Server 8
UnitedLinux 1.0
  • nagios-plugins >= 1.3b1-427
  • nagios-plugins-extras >= 1.3b1-427
  References: core9.s390, slox4.x86, core9.x86, sles10.x86, sles10.s390x, ul1.s390; ZYPP Patch Nr: 4624
Open Enterprise Server
  • nagios-plugins >= 1.3.1-270.13
  • nagios-plugins-extras >= 1.3.1-270.13
  References: core9.s390, slox4.x86, core9.x86, sles10.x86, sles10.s390x, ul1.s390; ZYPP Patch Nr: 4624