Tag Archives: Nagios

Nagios Plugins 2.0.3 Released

The Nagios Plugins Development Team is proud to announce that nagios-plugins 2.0.3 has been released and is available for download.

This release consists mostly of small bug fixes and additional protections against the SUID vulnerability discovered by Dawid Golunski. As we are now using Coverity to scan for small bugs, there will be a number of small commits in the near future.

The mailq autodetection commits were reverted as there were issues with parsing performed by the awk script. We decided to use FindBin in lieu of shimming the awk regex. You can try out the proposed FindBin changes in the branch “findbin”. Expect the branches findbin and timeout_state to be merged into the next major release (2.1.0).

A full list of included enhancements and fixes is given below:

SECURITY FIXES

  • parse_ini.c – Additional fixes for the SUID plugins vulnerabilities (sreinhardt)
  • Added Gnulib module idpriv-droptemp (weiss)

FIXES

  • check_dns.c – Resolved issues with reverse lookup (sreinhardt)
  • check_dns.c – Changed query types from ALL to ANY (sreinhardt)
  • common.h – Include fixes for esoteric AIX compile issues (emislivec)
  • negate.c – Small fixes from Coverity (66479) (66480) (sreinhardt)
  • check_dhcp.c – Small fix from Coverity (66488) (sreinhardt)
  • check_http.c – Potential memory leak and overflow fixed from Coverity (66514) (sreinhardt)
  • check_ntp.c – Small fix from Coverity (66524) (sreinhardt)
  • utils_cmd.c – Small file descriptor fix from Coverity (66502) (sreinhardt)
  • check_apt.c – Small fix from Coverity (66531) (sreinhardt)

REVERTS

  • check_mailq – Reverted autodetection commits to avoid awk parsing issues. Autodetection will return in version 2.1.0 as part of the changes in the FindBin branch (abrist)

Thanks to all who have contributed toward this release. If you need assistance installing or using the plugins, please visit our general support forum. Bug reports, feature requests, and additional comments are welcome and may be posted to our plugin development forum.

Nagios Plugins 2.0.2 Released

The Nagios Plugins Development Team is proud to announce that nagios-plugins 2.0.2 has been released and is available for download.

This release was prompted a bit earlier than originally expected by a newly discovered security vulnerability reported by Dawid Golunski on exploit-db. It concerned an arbitrary file access vulnerability with the SUID binaries (check_icmp, check_dhcp) and the extra-opts configure flag (which is enabled by default).  Fixes were applied globally, so the new restrictions on fopen should apply to all plugins.

Additionally, a few plugins were updated to build successfully on Windows under Cygwin, and some small changes were made to plugin output and verbosity.

A full list of included enhancements and fixes is given below:

SECURITY FIXES

  • Fixed file access vulnerability with SUID binaries (check_icmp, check_dhcp) and extra-opts. Fixes were applied globally, so the new restrictions on fopen should apply to all plugins. Special thanks to Dawid Golunski for the submission. More information: http://www.exploit-db.com/exploits/33387/ (sreinhardt) (emislivec)
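
For readers hardening their own SUID tools against this class of bug, the following is an added example, not code from nagios-plugins. It assumes one common mitigation, a temporary drop of effective privileges around fopen, since the announcement does not say how the plugins' fopen restriction is implemented; the helper names are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (not from nagios-plugins): open `path` with the
 * invoking user's credentials, so a SUID binary cannot be used to read a
 * file the caller could not open directly. */
static FILE *fopen_as_invoker(const char *path, const char *mode)
{
    uid_t saved_euid = geteuid();
    gid_t saved_egid = getegid();
    FILE *fp;

    /* Drop the group first: changing egid may need the privileged euid. */
    if (setegid(getgid()) != 0 || seteuid(getuid()) != 0)
        abort();                      /* never continue half-dropped */
    /* Verify the drop took effect instead of trusting return codes. */
    if (geteuid() != getuid() || getegid() != getgid())
        abort();

    fp = fopen(path, mode);           /* checked against the real user */

    /* Restore in reverse order; a failure here is unrecoverable. */
    if (seteuid(saved_euid) != 0 || setegid(saved_egid) != 0)
        abort();
    return fp;
}

/* Read the first line of a user-named config file (such as one passed via
 * extra-opts). Returns 0 on success, -1 if the invoker may not open the
 * file or it is empty. */
int read_first_line_as_invoker(const char *path, char *buf, size_t len)
{
    FILE *fp = fopen_as_invoker(path, "r");
    if (fp == NULL)
        return -1;
    char *got = fgets(buf, (int)len, fp);
    fclose(fp);
    return got ? 0 : -1;
}

int main(int argc, char **argv)
{
    char line[256];
    if (argc != 2) { fprintf(stderr, "usage: %s FILE\n", argv[0]); return 2; }
    if (read_first_line_as_invoker(argv[1], line, sizeof line) != 0) {
        fprintf(stderr, "cannot read %s as the invoking user\n", argv[1]);
        return 1;
    }
    fputs(line, stdout);
    return 0;
}
```

When the binary is not installed SUID the drop is a no-op, so the same code path can be exercised in ordinary unit tests.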

ENHANCEMENTS

  • check_disk – Now compiles in Cygwin on Windows (Gunnar Beutner)
  • check_ping – Now compiles in Cygwin on Windows (Gunnar Beutner)
  • check_users – Now compiles in Cygwin on Windows (Gunnar Beutner)
  • netutils.c – Connection error verbosity increased. C plugins will now differentiate file socket errors from connection errors (Davide Madrisan)

FIXES

  • check_nt.c – Changed ‘Mb’ to ‘MB’ in MEMUSE output for clarity (abrist)

Thanks to all who have contributed toward this release. If you need assistance installing or using the plugins, please visit our general support forum. Bug reports, feature requests, and additional comments are welcome and may be posted to our plugin development forum.