===========================================================
Ubuntu Security Notice USN-282-1               May 08, 2006
nagios vulnerability
CVE-2006-2162
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)

The following packages are affected:

nagios-common

The problem can be corrected by upgrading the affected package to
version 2:1.3-0+pre6ubuntu0.1 (for Ubuntu 5.04), or
2:1.3-cvs.20050402-4ubuntu3.1 (for Ubuntu 5.10). In general, a
standard system upgrade is sufficient to effect the necessary
changes.

Details follow:

The nagios CGI scripts did not sufficiently check the validity of the
HTTP Content-Length attribute. By sending a specially crafted HTTP
request with a negative Content-Length value to the Nagios server, a
remote attacker could exploit this to execute arbitrary code with web
server privileges.

Please note that the Apache 2 web server already checks for valid
Content-Length values, so installations using Apache 2 (the only web
server officially supported in Ubuntu) are not vulnerable to this
flaw.
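
Added example (not part of the original notice, and not Nagios or Ubuntu code): a sketch of the validation a CGI program can apply to its Content-Length value before using it as a buffer size, next to a generic unchecked parse that shows why a negative value is dangerous. The names naive_length, parse_content_length and MAX_BODY are assumptions made for this illustration.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_BODY 65536L /* assumed upper bound for a CGI form body */

/* Generic unchecked pattern (illustrative, not Nagios code): atoi() accepts
 * a leading '-', and the negative int wraps to a huge size_t when used as an
 * allocation or read length. */
static size_t naive_length(const char *hdr)
{
    return (size_t)atoi(hdr);
}

/* Validated parse: digits only, no sign, no trailing bytes, bounded.
 * Returns 0 and stores the length in *out, or -1 if the value is rejected. */
static int parse_content_length(const char *hdr, size_t *out)
{
    const char *p;
    long v;

    if (hdr == NULL || *hdr == '\0')
        return -1;
    for (p = hdr; *p != '\0'; p++)
        if (!isdigit((unsigned char)*p)) /* rejects '-', '+', whitespace */
            return -1;
    errno = 0;
    v = strtol(hdr, NULL, 10);
    if (errno == ERANGE || v > MAX_BODY) /* overflow or oversized body */
        return -1;
    *out = (size_t)v;
    return 0;
}

int main(void)
{
    /* Constructed sample header values, not taken from real traffic. */
    const char *samples[] = { "128", "0", "-1", "+5", "12abc",
                              "99999999999999999999", "70000" };
    size_t i, n = 0;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int ok = parse_content_length(samples[i], &n) == 0;
        printf("%-22s %s\n", samples[i], ok ? "accepted" : "rejected");
    }
    printf("unchecked parse of \"-1\" yields length %zu\n", naive_length("-1"));
    return 0;
}
```
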

Updated packages for Ubuntu 5.04 and Ubuntu 5.10 are available from
http://security.ubuntu.com/ubuntu/pool/main/n/nagios/