Check Point Advisories

Preemptive Protection against Nagios "Content-Length" Header Buffer Overflow Vulnerability

Check Point Reference: CPAI-2006-047
Date Published: 21 May 2006
Severity: Medium
Last Updated: Monday 07 May, 2007
Source: FrSIRT/ADV-2006-1662
Industry Reference:CVE-2006-2162
Protection Provided by:
Who is Vulnerable? Nagios versions prior to 2.3
Nagios versions prior to 1.4
Vulnerability Description Nagios is an open source host, service and network monitoring program. The product?s functionality is implemented through a number of CGI programs. A vulnerability has been identified in Nagios, specifically due to buffer overflow errors in various CGI scripts that do not properly process a negative "Content-Length" HTTP header value. This flaw can be exploited by remote attackers to crash or compromise a vulnerable system.
Update/Patch AvaliableUpgrade to Nagios version 2.3 or 1.4 :
http://www.nagios.org/download/
Vulnerability DetailsA buffer overflow vulnerability exists in the Nagios product. Numerous binary executable CGI programs implement a common faulty method of processing the Content-Length header. The value of this header is not checked to be within the range of positive values. This can be exploited by remote attackers to execute remote code on a vulnerable system.

Protection Overview

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK