Debian Security Advisory
DSA-1072-1 nagios -- buffer overflow
- Date Reported:
- 22 May 2006
- Affected Packages:
- nagios
- Vulnerable:
- Yes
- Security database references:
- In the Debian bugtracking system: Bug 366682, Bug 366683, Bug 368193.
In the Bugtraq database (at SecurityFocus): BugTraq ID 17879.
In Mitre's CVE dictionary: CVE-2006-2162, CVE-2006-2489. - More information:
-
A buffer overflow has been discovered in nagios, a host, service and network monitoring and management system, that could be exploited by remote attackers to execute arbitrary code.
The old stable distribution (woody) does not contain nagios packages.
For the stable distribution (sarge) this problem has been fixed in version 1.3-cvs.20050402-2.sarge.2.
For the unstable distribution (sid) this problem has been fixed in version 1.4-1 and 2.3-1.
We recommend that you upgrade your nagios package.
- Fixed in:
-
Debian GNU/Linux 3.1 (sarge)
- Source:
- http://security.debian.org/pool/updates/main/n/nagios/nagios_1.3-cvs.20050402-2.sarge.2.dsc
- http://security.debian.org/pool/updates/main/n/nagios/nagios_1.3-cvs.20050402-2.sarge.2.diff.gz
- http://security.debian.org/pool/updates/main/n/nagios/nagios_1.3-cvs.20050402.orig.tar.gz
- http://security.debian.org/pool/updates/main/n/nagios/nagios_1.3-cvs.20050402-2.sarge.2.diff.gz
- Architecture-independent component:
- http://security.debian.org/pool/updates/main/n/nagios/nagios-common_1.3-cvs.20050402-2.sarge.2_all.deb
- Alpha:
- http://security.debian.org/pool/updates/main/n/nagios/nagios-mysql_1.3-cvs.20050402-2.sarge.2_alpha.deb
- http://security.debian.org/pool/updates/main/n/nagios/nagios-pgsql_1.3-cvs.20050402-2.sarge.2_alpha.deb
- http://security.debian.org/pool/updates/main/n/nagios/nagios-text_1.3-cvs.20050402-2.sarge.2_alpha.deb
- http://security.debian.org/pool/updates/main/n/nagios/nagios-pgsql_1.3-cvs.20050402-2.sarge.2_alpha.deb
- AMD64:
- http://security.debian.org/pool/updates/main/n/nagios/nagios-mysql_1.3-cvs.20050402-2.sarge.2_amd64.deb
- http://security.debian.org/pool/updates/main/n/nagios/nagios-pgsql_1.3-cvs.20050402-2.sarge.2_amd64.deb
- http://security.debian.org/pool/updates/main/n/nagios/nagios-text_1.3-cvs.20050402-2.sarge.2_amd64.deb
- http://security.debian.org/pool/updates/main/n/nagios/nagios-pgsql_1.3-cvs.20050402-2.sarge.2_amd64.deb
- ARM:
- http://security.debian.org/pool/updates/main/n/nagios/nagios-mysql_1.3-cvs.20050402-2.sarge.2_arm.deb
- http://security.debian.org/pool/updates/main/n/nagios/nagios-pgsql_1.3-cvs.20050402-2.sarge.2_arm.deb
- http://security.debian.org/pool/updates/main/n/nagios/nagios-text_1.3-cvs.20050402-2.sarge.2_arm.deb
- http://security.debian.org/pool/updates/main/n/nagios/nagios-pgsql_1.3-cvs.20050402-2.sarge.2_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/n/nagios/nagios-mysql_1.3-cvs.20050402-2.sarge.2_i386.deb
- http://security.debian.org/pool/updates/main/n/nagios/nagios-pgsql_1.3-cvs.20050402-2.sarge.2_i386.deb
- http://security.debian.org/pool/updates/main/n/nagios/nagios-text_1.3-cvs.20050402-2.sarge.2_i386.deb
- http://security.debian.org/pool/updates/main/n/nagios/nagios-pgsql_1.3-cvs.20050402-2.sarge.2_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/n/nagios/nagios-mysql_1.3-cvs.20050402-2.sarge.2_ia64.deb
- http://security.debian.org/pool/updates/main/n/nagios/nagios-pgsql_1.3-cvs.20050402-2.sarge.2_ia64.deb
- http://security.debian.org/pool/updates/main/n/nagios/nagios-text_1.3-cvs.20050402-2.sarge.2_ia64.deb
- http://security.debian.org/pool/updates/main/n/nagios/nagios-pgsql_1.3-cvs.20050402-2.sarge.2_ia64.deb
- HPPA:
- http://security.debian.org/pool/updates/main/n/nagios/nagios-mysql_1.3-cvs.20050402-2.sarge.2_hppa.deb
- http://security.debian.org/pool/updates/main/n/nagios/nagios-pgsql_1.3-cvs.20050402-2.sarge.2_hppa.deb
- http://security.debian.org/pool/updates/main/n/nagios/nagios-text_1.3-cvs.20050402-2.sarge.2_hppa.deb
- http://security.debian.org/pool/updates/main/n/nagios/nagios-pgsql_1.3-cvs.20050402-2.sarge.2_hppa.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/n/nagios/nagios-mysql_1.3-cvs.20050402-2.sarge.2_m68k.deb
- http://security.debian.org/pool/updates/main/n/nagios/nagios-pgsql_1.3-cvs.20050402-2.sarge.2_m68k.deb
- http://security.debian.org/pool/updates/main/n/nagios/nagios-text_1.3-cvs.20050402-2.sarge.2_m68k.deb
- http://security.debian.org/pool/updates/main/n/nagios/nagios-pgsql_1.3-cvs.20050402-2.sarge.2_m68k.deb
- Big endian MIPS:
- http://security.debian.org/pool/updates/main/n/nagios/nagios-mysql_1.3-cvs.20050402-2.sarge.2_mips.deb
- http://security.debian.org/pool/updates/main/n/nagios/nagios-pgsql_1.3-cvs.20050402-2.sarge.2_mips.deb
- http://security.debian.org/pool/updates/main/n/nagios/nagios-text_1.3-cvs.20050402-2.sarge.2_mips.deb
- http://security.debian.org/pool/updates/main/n/nagios/nagios-pgsql_1.3-cvs.20050402-2.sarge.2_mips.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/main/n/nagios/nagios-mysql_1.3-cvs.20050402-2.sarge.2_mipsel.deb
- http://security.debian.org/pool/updates/main/n/nagios/nagios-pgsql_1.3-cvs.20050402-2.sarge.2_mipsel.deb
- http://security.debian.org/pool/updates/main/n/nagios/nagios-text_1.3-cvs.20050402-2.sarge.2_mipsel.deb
- http://security.debian.org/pool/updates/main/n/nagios/nagios-pgsql_1.3-cvs.20050402-2.sarge.2_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/n/nagios/nagios-mysql_1.3-cvs.20050402-2.sarge.2_powerpc.deb
- http://security.debian.org/pool/updates/main/n/nagios/nagios-pgsql_1.3-cvs.20050402-2.sarge.2_powerpc.deb
- http://security.debian.org/pool/updates/main/n/nagios/nagios-text_1.3-cvs.20050402-2.sarge.2_powerpc.deb
- http://security.debian.org/pool/updates/main/n/nagios/nagios-pgsql_1.3-cvs.20050402-2.sarge.2_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/n/nagios/nagios-mysql_1.3-cvs.20050402-2.sarge.2_s390.deb
- http://security.debian.org/pool/updates/main/n/nagios/nagios-pgsql_1.3-cvs.20050402-2.sarge.2_s390.deb
- http://security.debian.org/pool/updates/main/n/nagios/nagios-text_1.3-cvs.20050402-2.sarge.2_s390.deb
- http://security.debian.org/pool/updates/main/n/nagios/nagios-pgsql_1.3-cvs.20050402-2.sarge.2_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/n/nagios/nagios-mysql_1.3-cvs.20050402-2.sarge.2_sparc.deb
- http://security.debian.org/pool/updates/main/n/nagios/nagios-pgsql_1.3-cvs.20050402-2.sarge.2_sparc.deb
- http://security.debian.org/pool/updates/main/n/nagios/nagios-text_1.3-cvs.20050402-2.sarge.2_sparc.deb
- http://security.debian.org/pool/updates/main/n/nagios/nagios-pgsql_1.3-cvs.20050402-2.sarge.2_sparc.deb
MD5 checksums of the listed files are available in the original advisory.