Description

Integer overflow in CGI scripts in Nagios 1.x before 1.4.1 and 2.x before 2.3.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a content length (Content-Length) HTTP header. NOTE: this is a different vulnerability than CVE-2006-2162.
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having important severity.
Note from the SUSE Security Team

Only SUSE Linux Enterprise 9 is affected by this specific issue.
We evaluated the problem and found that the integer overflow will not cause allocations smaller than the passed content_length.
First, values less than 0 are already checked.
Second, as there is only an addition of 1, only INT_MAX overflows the integer addition.
As malloc takes at least an unsigned integer and content_length is a signed integer, the code the compiler generates for the signed-to-unsigned promotion yields, on all supported platforms, a positive value greater than INT_MAX if INT_MAX is passed in; malloc will then either fail or allocate INT_MAX+1 bytes of memory.
This means none of our platforms is affected by this issue.

SUSE Bugzilla entry: 140494 [RESOLVED / FIXED]

No SUSE Security Announcements cross referenced.
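The size arithmetic reasoned through in the SUSE Security Team note above, as an added C example; it is not the Nagios source or SUSE's code. The function names and the MAX_BODY_BYTES cap are assumptions made for illustration, and the inputs are constructed boundary values.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical cap on request bodies for this example; not a Nagios setting. */
#define MAX_BODY_BYTES (1024 * 1024)

/*
 * Models the allocation size described in the note: negative values are
 * rejected first, then 1 is added. The addition is done in unsigned
 * arithmetic so the result is well defined in C (signed INT_MAX + 1
 * would be undefined behaviour).
 * Returns 0 and sets *size on success, -1 if content_length is negative.
 */
int described_alloc_size(int content_length, size_t *size)
{
    if (content_length < 0)
        return -1;
    *size = (size_t)((unsigned int)content_length + 1u);
    return 0;
}

/* Hardened variant: also refuse anything above the cap before adding 1. */
int capped_alloc_size(int content_length, size_t *size)
{
    if (content_length < 0 || content_length > MAX_BODY_BYTES)
        return -1;
    *size = (size_t)content_length + 1;
    return 0;
}

int main(void)
{
    int samples[] = { -1, 0, 4096, INT_MAX - 1, INT_MAX }; /* constructed inputs */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        size_t a = 0, b = 0;
        int ra = described_alloc_size(samples[i], &a);
        int rb = capped_alloc_size(samples[i], &b);
        printf("%11d  described: %s %zu  capped: %s %zu\n", samples[i],
               ra ? "reject" : "size", a, rb ? "reject" : "size", b);
    }
    return 0;
}
```

With INT_MAX the first function requests INT_MAX+1 bytes, never fewer than content_length, which matches the note's conclusion; the capped variant rejects the request before any allocation is attempted.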