[Nagiosplug-devel] [ nagiosplug-Bugs-1687867 ] check_http: buffer overflow vulnerability
SourceForge.net
noreply at sourceforge.net
Sun Jun 17 21:24:03 CEST 2007
Bugs item #1687867, was opened at 2007-03-25 18:37
Message generated for change (Comment added) made by hweiss
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=397597&aid=1687867&group_id=29880
Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: General plugin execution
Group: None
>Status: Closed
>Resolution: Fixed
Priority: 7
Private: No
Submitted By: Nobuhiro Ban (ban_nobuhiro)
Assigned to: Nobody/Anonymous (nobody)
Summary: check_http: buffer overflow vulnerability
Initial Comment:
Description:
Buffer overflows within the redir() function of check_http.c
potentially allow remote attackers to execute arbitrary code
via crafted ``Location:'' responses.
This vulnerability is caused by passing insufficient-length
buffers to sscanf().
Examples of crafted ``Location:'' responses:
o Location: htttttttttttttttttttttttttttttttttttttttttttp://example.com/
o Location: http://example.com:1234567890123456789012345678901234567890/
o Location: http://tooooooooooooooooooooooooooooooooooooooooooooooooooo.loooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooong.loooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooong.loooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooong.loooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooong.loooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooong.loooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooong.host-name.example.com/
Workaround:
Do not check untrusted web servers with the ``-f follow'' option.
----------------------------------------------------------------------
>Comment By: Holger Weiss (hweiss)
Date: 2007-06-17 21:24
Message:
Logged In: YES
user_id=759506
Originator: NO
This is now fixed in CVS. Thank you very much!
----------------------------------------------------------------------
Comment By: Nobuhiro Ban (ban_nobuhiro)
Date: 2007-06-16 20:35
Message:
Logged In: YES
user_id=1699577
Originator: YES
Because this contains some vulnerability information,
I marked this report as confidential (private).
Over 80 days have passed, and the vulnerability still exists now.
So I open this to the public.
----------------------------------------------------------------------
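A width-bounded form of the kind of sscanf() parsing the report describes, as an added example; it is not the check_http.c code or the fix committed to CVS. The struct, function name and buffer limits are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed limits for this example, not the sizes used in check_http.c. */
#define SCHEME_MAX 8
#define HOST_MAX   255
#define PORT_MAX   5
#define STR2(x) #x
#define STR(x)  STR2(x)

struct redir_target {            /* hypothetical type */
    char scheme[SCHEME_MAX + 1];
    char host[HOST_MAX + 1];
    int  port;                   /* 0 = use the scheme's default port */
};

/* Unbounded pattern to avoid: sscanf(loc, "%[^:]://%[^:/]", scheme, host)
 * copies as many bytes as the server sends, whatever the buffer size. */

/* Returns 0 on success, -1 if the URL is malformed or a part is too long. */
int parse_location(const char *loc, struct redir_target *out)
{
    char port[PORT_MAX + 1];
    int used = 0, pused = 0;

    memset(out, 0, sizeof *out);
    /* Field widths cap every write at buffer size minus the NUL. */
    if (sscanf(loc, "%" STR(SCHEME_MAX) "[A-Za-z]://%" STR(HOST_MAX) "[^:/]%n",
               out->scheme, out->host, &used) != 2)
        return -1;               /* overlong scheme fails to reach "://" */
    if (loc[used] == ':') {
        if (sscanf(loc + used, ":%" STR(PORT_MAX) "[0-9]%n", port, &pused) != 1)
            return -1;
        used += pused;
        out->port = atoi(port);
        if (out->port < 1 || out->port > 65535)
            return -1;
    }
    /* A truncated host or port leaves unconsumed characters here. */
    if (loc[used] != '/' && loc[used] != '\0')
        return -1;
    return 0;
}
```

All three shapes of crafted ``Location:'' value listed in the report (overlong scheme, overlong port, overlong host) are rejected with -1 instead of being copied past the end of a buffer.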