Package: nagios
Severity: grave
Tags: security

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

CVE-2006-2489: "Integer overflow in CGI scripts in Nagios 1.x before
1.4.1 and 2.x before 2.3.1 allows remote attackers to cause a denial of
service (crash) and possibly execute arbitrary code via a content length
(Content-Length) HTTP header. NOTE: this is a different vulnerability
than CVE-2006-2162."

I understand that Sean is credited with the discovery and fix; I'm
filing this bug to keep track of the issue.  I believe this affects the
Nagios package in sarge as well.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFEbwm3Aud/2YgchcQRAlgmAJsFxM1WkFJAlHKWdU63reEMXBWZGgCgtbzi
mEC2c5/5Mited6YpHaAx6SY=
=uXcN
-----END PGP SIGNATURE-----


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to