CVE-2007-5198
published 2007-10-04CVE-2007-5198: Buffer overflow in the redir function in check_http.c in Nagios Plugins before 1.4.10, when running with the -f (follow) option, allows remote web servers to…
PriorityP337medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EXPLOIT
EPSS
8.02%
94.0th percentile
Buffer overflow in the redir function in check_http.c in Nagios Plugins before 1.4.10, when running with the -f (follow) option, allows remote web servers to execute arbitrary code via Location header responses (redirects) with a large number of leading "L" characters.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| nagios | plugins | <= 1.4.9 | — |
CVSS provenance
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
vendor_redhat6.8MEDIUM
vendor_ubuntu6.8MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
nagios-plugins vulnerability
vendor_ubuntu·2007-10-22·CVSS 6.8
CVE-2007-5198 [MEDIUM] nagios-plugins vulnerability
Title: nagios-plugins vulnerability
Summary: nagios-plugins vulnerability
Nobuhiro Ban discovered that check_http in nagios-plugins did
not properly sanitize its input when following redirection
requests. A malicious remote web server could cause a denial
of service or possibly execute arbitrary code as the user.
(CVE-2007-5198)
Aravind Gottipati discovered that sslutils.c in nagios-plugins
did not properly reset pointers to NULL. A malicious remote web
server could cause a denial of service.
Aravind Gottipati discovered that check_http in nagios-plugins
did not properly calculate how much memory to reallocate when
following redirection requests. A malicious remote web server
could cause a denial of service.
Instructions: In general, a standard system upgrade is sufficient to effect t
Red Hat
nagios-plugins check_http buffer overflow
vendor_redhat·2007-06-17·CVSS 6.8
CVE-2007-5198 [MEDIUM] nagios-plugins check_http buffer overflow
nagios-plugins check_http buffer overflow
Buffer overflow in the redir function in check_http.c in Nagios Plugins before 1.4.10, when running with the -f (follow) option, allows remote web servers to execute arbitrary code via Location header responses (redirects) with a large number of leading "L" characters.
GHSA
GHSA-x9h3-fh68-r937: Buffer overflow in the redir function in check_http
ghsa_unreviewed·2022-05-01
CVE-2007-5198 [MEDIUM] CWE-119 GHSA-x9h3-fh68-r937: Buffer overflow in the redir function in check_http
Buffer overflow in the redir function in check_http.c in Nagios Plugins before 1.4.10, when running with the -f (follow) option, allows remote web servers to execute arbitrary code via Location header responses (redirects) with a large number of leading "L" characters.
No detection rules found.
Bugzilla
CVE-2007-5198 nagios-plugins check_http buffer overflow [F7]
bugzilla·2007-11-01·CVSS 6.8
CVE-2007-5198 [MEDIUM] CVE-2007-5198 nagios-plugins check_http buffer overflow [F7]
CVE-2007-5198 nagios-plugins check_http buffer overflow [F7]
F7 tracking bug: see blocks bug list for full details of the security issue(s).
[bug automatically created by: add-tracking-bugs]
Discussion:
nagios-plugins-1.4.11-2.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
Bugzilla
CVE-2007-5198 nagios-plugins check_http buffer overflow [Fdevel]
bugzilla·2007-11-01·CVSS 6.8
CVE-2007-5198 [MEDIUM] CVE-2007-5198 nagios-plugins check_http buffer overflow [Fdevel]
CVE-2007-5198 nagios-plugins check_http buffer overflow [Fdevel]
Fdevel tracking bug: see blocks bug list for full details of the security issue(s).
[bug automatically created by: add-tracking-bugs]
Discussion:
Based on the date this bug was created, it appears to have been reported
during the development of Fedora 8. In order to refocus our efforts as
a project we are changing the version of this bug to '8'.
If this bug still exists in rawhide, please change the version back to
rawhide.
(If you're unable to change the bug's version, add a comment to the bug
and someone will change it for you.)
Thanks for your help and we apologize for the interruption.
The process we're following is outlined here:
http://fedoraproject.org/wiki/BugZappers/F9CleanUp
We will be following the process
Bugzilla
CVE-2007-5198 nagios-plugins check_http buffer overflow [F8]
bugzilla·2007-11-01·CVSS 6.8
CVE-2007-5198 [MEDIUM] CVE-2007-5198 nagios-plugins check_http buffer overflow [F8]
CVE-2007-5198 nagios-plugins check_http buffer overflow [F8]
F8 tracking bug: see blocks bug list for full details of the security issue(s).
[bug automatically created by: add-tracking-bugs]
Discussion:
nagios-plugins-1.4.11-2.fc8 has been submitted as an update for Fedora 8
---
nagios-plugins-1.4.11-2.fc7 has been submitted as an update for Fedora 7
---
nagios-plugins-1.4.11-2.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
---
nagios-2.11-3.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
Bugzilla
CVE-2007-5198 nagios-plugins check_http buffer overflow
bugzilla·2007-10-02·CVSS 6.8
CVE-2007-5198 [MEDIUM] CVE-2007-5198 nagios-plugins check_http buffer overflow
CVE-2007-5198 nagios-plugins check_http buffer overflow
New upstream nagios-plugins version 1.4.10 was released recently with following fix:
"Fix check_http buffer overflow vulnerability when following HTTP redirects"
Release notes:
http://sourceforge.net/forum/forum.php?forum_id=740172
SF.net bug report:
http://sourceforge.net/tracker/index.php?func=detail&aid=1687867&group_id=29880&atid=397597
Relevant CVS commit:
http://nagiosplug.cvs.sourceforge.net/nagiosplug/nagiosplug/plugins/check_http.c?r1=1.106&r2=1.107
Workaround: do to follow redirects for untrusted servers (see -f option)
No CVE id known at the moment.
Discussion:
CVE name CVE-2007-5198 was assigned to this vulnerability.
---
Additional check_http buffer overflow was reported, which is not fixed in 1.4.10:
http://s
http://bugs.gentoo.org/show_bug.cgi?id=194178http://secunia.com/advisories/27124http://secunia.com/advisories/27362http://secunia.com/advisories/27609http://secunia.com/advisories/27965http://secunia.com/advisories/28930http://secunia.com/advisories/29862http://security.gentoo.org/glsa/glsa-200711-11.xmlhttp://sourceforge.net/forum/forum.php?forum_id=740172http://sourceforge.net/tracker/index.php?func=detail&aid=1687867&group_id=29880&atid=397597http://sourceforge.net/tracker/index.php?func=detail&aid=1813346&group_id=29880&atid=397597http://www.debian.org/security/2008/dsa-1495http://www.mandriva.com/security/advisories?name=MDVSA-2008:067http://www.novell.com/linux/security/advisories/2007_25_sr.htmlhttp://www.securityfocus.com/bid/25952http://www.ubuntu.com/usn/usn-532-1http://www.vupen.com/english/advisories/2007/3394https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00249.htmlhttps://www.redhat.com/archives/fedora-package-announce/2008-April/msg00282.htmlhttps://www.redhat.com/archives/fedora-package-announce/2008-April/msg00320.htmlhttp://bugs.gentoo.org/show_bug.cgi?id=194178http://secunia.com/advisories/27124http://secunia.com/advisories/27362http://secunia.com/advisories/27609http://secunia.com/advisories/27965http://secunia.com/advisories/28930http://secunia.com/advisories/29862http://security.gentoo.org/glsa/glsa-200711-11.xmlhttp://sourceforge.net/forum/forum.php?forum_id=740172http://sourceforge.net/tracker/index.php?func=detail&aid=1687867&group_id=29880&atid=397597http://sourceforge.net/tracker/index.php?func=detail&aid=1813346&group_id=29880&atid=397597http://www.debian.org/security/2008/dsa-1495http://www.mandriva.com/security/advisories?name=MDVSA-2008:067http://www.novell.com/linux/security/advisories/2007_25_sr.htmlhttp://www.securityfocus.com/bid/25952http://www.ubuntu.com/usn/usn-532-1http://www.vupen.com/english/advisories/2007/3394https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00249.htmlhttps://www.redhat.com/archives/fedora-package-announce/2008-April/msg00282.htmlhttps://www.redhat.com/archives/fedora-package-announce/2008-April/msg00320.html
2007-10-04
Published