1. Gentoo Linux Security Advisory
| Advisory Reference | GLSA 200605-07 / nagios |
| Release Date | May 07, 2006 |
| Latest Revision | May 25, 2006: 03 |
| Impact | high |
| Exploitable | remote |
| Package | Vulnerable versions | Unaffected versions | Architecture(s) |
| net-analyzer/nagios-core | < 1.4.1 | >= 1.4.1 | All supported architectures |
Related bugreports: #132159, #133487
Nagios is vulnerable to a buffer overflow which may lead to remote execution of arbitrary code.
Nagios is an open source host, service and network monitoring program.
Sebastian Krahmer of the SuSE security team discovered a buffer overflow vulnerability in the handling of a negative HTTP Content-Length header.
A buffer overflow in Nagios CGI scripts under certain web servers allows remote attackers to execute arbitrary code via a negative content length HTTP header.
There is no known workaround at this time.
All Nagios users should upgrade to the latest version:
Code Listing 3.1: Resolution |
# emerge --sync # emerge --ask --oneshot --verbose ">=net-analyzer/nagios-core-1.4.1" |