This release was prompted a bit earlier than originally expected by a newly discovered security vulnerability reported by Dawid Golunski on exploit-db. It concerned an arbitrary file access vulnerability with the SUID binaries (check_icmp, check_dhcp) and the extra-opts configure flag (which is enabled by default). Fixes were applied globally, so the new restrictions on fopen should apply to all plugins.
Additionally, a few plugins were updated to build successfully on Windows under Cygwin, and some small changes were made to plugin output and verbosity.
A full list of included enhancements and fixes is below:
- Fixed file access vulnerability with SUID binaries (check_icmp, check_dhcp) and extra-opts. Fixes were applied globally, so the new restrictions on fopen should apply to all plugins. Special thanks to Dawid Golunski for the submission. More information: http://www.exploit-db.com/exploits/33387/ (sreinhardt) (emislivec)
- check_disk – Now compiles in Cygwin on Windows (Gunnar Beutner)
- check_ping – Now compiles in Cygwin on Windows (Gunnar Beutner)
- check_users – Now compiles in Cygwin on Windows (Gunnar Beutner)
- netutils.c – Connection error verbosity increased. C plugins will now differentiate file socket errors from connection errors (Davide Madrisan)
- check_nt.c – Changed ‘Mb’ to ‘MB’ in MEMUSE output for clarity (abrist)
Thanks to all who have contributed toward this release. If you need assistance installing or using the plugins, please visit our general support forum. Bug reports, feature requests, and additional comments are welcome and may be posted to our plugin development forum.