FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2007-5198

This CVE name corresponds to:

Entered: 2007-10-11
Topic: nagios-plugins -- Long Location Header Buffer Overflow Vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type: Candidate
Name: CVE-2007-5198
Phase: Assigned (20071004)

Description

Buffer overflow in the redir function in check_http.c in Nagios Plugins before 1.4.10, when running with the -f (follow) option, allows remote web servers to execute arbitrary code via Location header responses (redirects) with a large number of leading "L" characters.

References

Source Reference
CONFIRM http://sourceforge.net/forum/forum.php?forum_id=740172
CONFIRM http://sourceforge.net/tracker/index.php?func=detail&aid=1687867&group_id=29880&atid=397597
CONFIRM http://sourceforge.net/tracker/index.php?func=detail&aid=1813346&group_id=29880&atid=397597
CONFIRM http://bugs.gentoo.org/show_bug.cgi?id=194178
DEBIAN DSA-1495
FEDORA FEDORA-2008-3061
FEDORA FEDORA-2008-3098
FEDORA FEDORA-2008-3146
GENTOO GLSA-200711-11
MANDRIVA MDVSA-2008:067
SUSE SUSE-SR:2007:025
UBUNTU USN-532-1
BID 25952
VUPEN ADV-2007-3394
SECUNIA 27124
SECUNIA 27362
SECUNIA 27609
SECUNIA 27965
SECUNIA 28930
SECUNIA 29862