[Nagiosplug-devel] [ nagiosplug-Bugs-1687867 ] check_http: buffer overflow vulnerability
SourceForge.net
noreply at sourceforge.net
Sun Mar 25 18:37:08 CEST 2007
Bugs item #1687867, was opened at 2007-03-26 01:37
Message generated for change (Tracker Item Submitted) made by Item Submitter
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=397597&aid=1687867&group_id=29880
Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: General plugin execution
Group: None
Status: Open
Resolution: None
Priority: 5
Private: Yes
Submitted By: Nobuhiro Ban (ban_nobuhiro)
Assigned to: Nobody/Anonymous (nobody)
Summary: check_http: buffer overflow vulnerability
Initial Comment:
Description:
Buffer overflows within the redir() function of check_http.c
potentially allow remote attackers to execute arbitrary code
via crafted ``Location:'' responses.
This vulnerability is caused by passing insufficient length
buffers to sscanf().
Example of crafted ``Location:'' response:
o Location: htttttttttttttttttttttttttttttttttttttttttttp://example.com/
o Location: http://example.com:1234567890123456789012345678901234567890/
o Location: http://tooooooooooooooooooooooooooooooooooooooooooooooooooo.loooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooong.loooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooong.loooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooong.loooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooong.loooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooong.loooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooong.host-name.example.com/
Workaround:
Do not check untrusted web servers with the ``-f follow'' option.
----------------------------------------------------------------------
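The sscanf() mistake the report describes, shown next to a bounded version that rejects all three crafted ``Location:'' values. This is an added example written for this page, not code from check_http.c or the Nagios Plugins project; the buffer sizes, format strings and function names (parse_location, location_port, accept_host_of_length) are assumptions made for the illustration. It goes slightly beyond the report in also refusing non-HTTP(S) schemes and out-of-range ports.

```c
/* Bounded sscanf() parsing of an HTTP "Location:" value.  Added example, not
 * code from check_http.c; the buffer sizes, format strings and function names
 * are assumptions made for the illustration.
 * Build: gcc -std=c11 -Wall -Wextra -o location location.c && ./location */
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SCHEME_LEN 8    /* room for "https" plus slack */
#define HOST_LEN   255  /* maximum length of a DNS name */
#define PORT_LEN   5    /* "65535" */

struct location {
    char scheme[SCHEME_LEN + 1];
    char host[HOST_LEN + 1];
    int port;          /* -1 when the URL has no explicit port */
    const char *path;  /* points into the caller's string; "/" if absent */
};

/* Width == sizeof buffer - 1.  Without the widths ("%[a-zA-Z]://%[-.a-zA-Z0-9]")
 * each conversion copies until its character class ends, however long the
 * attacker's line is: that is the overflow.  The literal "://" also acts as a
 * truncation check for the scheme (a 9th letter sits where ':' must be). */
#define FMT_SCHEME_HOST "%8[a-zA-Z]://%255[-.a-zA-Z0-9]%n"
#define FMT_PORT        ":%5[0-9]%n"
_Static_assert(SCHEME_LEN == 8 && HOST_LEN == 255 && PORT_LEN == 5,
               "field widths in the format strings must match the buffers");

static int is_host_char(int c) { return isalnum(c) || c == '-' || c == '.'; }

/* Returns 1 and fills *out on success, 0 if the header is rejected. */
int parse_location(const char *loc, struct location *out)
{
    int n = 0; long p; char port[PORT_LEN + 1], *end;

    memset(out, 0, sizeof *out);
    out->port = -1;
    if (sscanf(loc, FMT_SCHEME_HOST, out->scheme, out->host, &n) != 2)
        return 0;                  /* malformed, or scheme longer than 8 */
    loc += n;
    /* A width-limited conversion stops silently at its limit: if the next byte
     * still belongs to the host, the name was truncated, not parsed. */
    if (is_host_char((unsigned char)*loc))
        return 0;
    for (char *s = out->scheme; *s; s++)
        *s = (char)tolower((unsigned char)*s);
    if (strcmp(out->scheme, "http") != 0 && strcmp(out->scheme, "https") != 0)
        return 0;                  /* only HTTP(S) redirects are followed */
    if (*loc == ':') {
        if (sscanf(loc, FMT_PORT, port, &n) != 1)
            return 0;              /* ":" with no digits after it */
        loc += n;
        if (isdigit((unsigned char)*loc))
            return 0;              /* a 6th digit: the 40-digit port case */
        p = strtol(port, &end, 10);
        if (*end != '\0' || p < 1 || p > 65535)
            return 0;
        out->port = (int)p;
    }
    if (*loc != '\0' && *loc != '/')
        return 0;                  /* only a path may follow the authority */
    out->path = *loc ? loc : "/";
    return 1;
}

int location_accepted(const char *loc) { struct location l; return parse_location(loc, &l); }
/* Port of an accepted header, -1 if it has none, -2 if the header is rejected. */
int location_port(const char *loc) { struct location l; return parse_location(loc, &l) ? l.port : -2; }
/* Path of an accepted header (a pointer into loc), NULL if rejected. */
const char *location_path(const char *loc) { struct location l; return parse_location(loc, &l) ? l.path : NULL; }

/* Constructed input "http://" + hostlen 'a's + "/": 1 if accepted, 0 if not. */
int accept_host_of_length(size_t hostlen)
{
    char buf[1024];
    if (hostlen + sizeof "http:///" > sizeof buf)
        return -1;
    memcpy(buf, "http://", 7);
    memset(buf + 7, 'a', hostlen);
    buf[7 + hostlen] = '/';
    buf[8 + hostlen] = '\0';
    return location_accepted(buf);
}

int main(void)
{   /* Constructed samples: two benign headers, then two of the report's crafted ones. */
    const char *samples[] = { "http://example.com/", "https://example.com:8080/admin",
        "htttttttttttttttttttttttttttttttttttttttttttp://example.com/",
        "http://example.com:1234567890123456789012345678901234567890/" };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++) {
        struct location l;
        if (parse_location(samples[i], &l))
            printf("accept scheme=%s host=%s port=%d path=%s\n", l.scheme, l.host, l.port, l.path);
        else
            printf("reject %.32s...\n", samples[i]);
    }
    printf("255-char host: %d  256-char host: %d\n", accept_host_of_length(255), accept_host_of_length(256));
    return 0;
}
```

Two points the widths alone do not cover. A width-limited %[...] stops silently at its limit, so a host longer than the buffer would be quietly truncated and the plugin would then probe the wrong target; the check on the byte after the conversion turns that into a rejection. The port is read as digits and range-checked rather than with %d, because a 40-digit value does not fit an int and scanf's behaviour on an unrepresentable number is undefined.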