[Nagiosplug-devel] [ nagiosplug-Bugs-1687867 ] check_http: buffer overflow vulnerability

SourceForge.net noreply at sourceforge.net
Sat Jun 16 20:35:02 CEST 2007


Bugs item #1687867, was opened at 2007-03-26 01:37
Message generated for change (Comment added) made by ban_nobuhiro
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=397597&aid=1687867&group_id=29880

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: General plugin execution
Group: None
Status: Open
Resolution: None
Priority: 7
>Private: No
Submitted By: Nobuhiro Ban (ban_nobuhiro)
Assigned to: Nobody/Anonymous (nobody)
Summary: check_http: buffer overflow vulnerability

Initial Comment:
Description:
Buffer overflows within the redir() function of check_http.c
potentially allow remote attackers to execute arbitrary code
via crafted ``Location:'' responses.
This vulnerability is caused by passing insufficient length
buffers to sscanf().

Examples of crafted ``Location:'' responses:
o Location: htttttttttttttttttttttttttttttttttttttttttttp://example.com/
o Location: http://example.com:1234567890123456789012345678901234567890/
o Location: http://tooooooooooooooooooooooooooooooooooooooooooooooooooo.loooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooong.loooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooong.loooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooong.loooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooong.loooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooong.loooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooong.host-name.example.com/

Workaround:
Do not check untrusted web servers with the ``-f follow'' option.


----------------------------------------------------------------------
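
Added example, not part of the original report and not the check_http.c source: one way to split a Location: value with sscanf() so that an over-long scheme, port or host name, as in the three crafted responses above, is rejected instead of written past a buffer. The struct, the function name and the buffer sizes are assumptions made for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Buffer sizes are assumptions for this example, not check_http.c's values. */
struct redirect {
    char scheme[16];    /* conversion width 15 below */
    char host[256];     /* conversion width 255 below */
    int  port;          /* 0 = no port given */
    char path[1024];
};

/* An unbounded conversion (illustrative pattern, not the plugin's source):
 *   sscanf(loc, "%[^:]://%[^/]%s", scheme, host, path);
 * keeps writing while the input matches. Here every conversion has a width of
 * sizeof(buffer) - 1, and a field that is not followed by its delimiter fails. */
int parse_location(const char *loc, struct redirect *r)
{
    char port[6] = "";
    int used = 0;
    /* %n is reached only if "://" follows the scheme directly. */
    if (sscanf(loc, "%15[A-Za-z]://%n", r->scheme, &used) != 1 || used == 0)
        return -1;
    loc += used;
    if (sscanf(loc, "%255[^:/]%n", r->host, &used) != 1)
        return -1;
    loc += used;
    if (*loc != ':' && *loc != '/' && *loc != '\0')
        return -1;                        /* host longer than 255 bytes */
    r->port = 0;
    if (*loc == ':') {
        if (sscanf(loc, ":%5[0-9]%n", port, &used) != 1)
            return -1;
        loc += used;
        r->port = atoi(port);
        if ((*loc != '/' && *loc != '\0') || r->port < 1 || r->port > 65535)
            return -1;
    }
    if (strlen(loc) >= sizeof r->path)
        return -1;
    strcpy(r->path, *loc ? loc : "/");    /* length checked above */
    return 0;                             /* -1 = malformed or over-long */
}

int main(void)
{
    struct redirect r;                    /* constructed sample input below */
    return parse_location("http://example.com:8080/", &r);
}
```
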

>Comment By: Nobuhiro Ban (ban_nobuhiro)
Date: 2007-06-17 03:35

Message:
Logged In: YES 
user_id=1699577
Originator: YES

Because this contains some vulnerability information,
I marked this report as confidential (private).

Over 80 days have passed, and the vulnerability still exists.

So I am opening this to the public.

----------------------------------------------------------------------
