On 2026-07-01 15:36:00, Holger Weiß wrote:
> We released Monitoring Plugins 3.0.1, which fixes a security issue in 
> the check_icmp plugin.
>
> ...
>
> A local user can trigger a heap buffer overflow in check_icmp by 
> supplying more than 65535 target hosts, which overflows an internal 
> counter. This happens before check_icmp drops its privileges, so the 
> corruption occurs while still running as root on setuid-root 
> installations.

If anyone was wondering, nagios-plugins has the same problem.

Fix: https://github.com/nagios-plugins/nagios-plugins/pull/833

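The failure mode described in the quoted advisory, as an added example that is not part of the thread and is not code from Monitoring Plugins, nagios-plugins, or the linked fix. It assumes a 16-bit target counter (implied by the 65535 limit) and uses a hypothetical `target_table` whose add function refuses the entry that would wrap the counter instead of letting it diverge from the allocated size.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_TARGETS UINT16_MAX /* assumed limit: largest value a 16-bit counter holds */

/* Hypothetical target table, not check_icmp's own data structure. */
struct target_table {
    uint16_t count;     /* 16-bit counter, as the 65535 limit implies */
    size_t capacity;    /* slots actually allocated */
    const char **hosts;
};

/* What an unchecked 16-bit counter reports after n additions (wraps mod 65536). */
uint16_t wrapped_count(size_t n) { return (uint16_t)n; }

/* Checked add: returns 0 on success, -1 if the counter would wrap or memory runs out. */
int table_add(struct target_table *t, const char *host)
{
    if (t->count == MAX_TARGETS) return -1; /* next increment would wrap to 0 */
    if (t->count == t->capacity) {
        size_t ncap = t->capacity ? t->capacity * 2 : 64;
        if (ncap > MAX_TARGETS) ncap = MAX_TARGETS;
        const char **p = realloc(t->hosts, ncap * sizeof *p);
        if (!p) return -1;
        t->hosts = p;
        t->capacity = ncap;
    }
    t->hosts[t->count++] = host;
    return 0;
}

/* Tries to add n constructed entries; returns how many were accepted. */
size_t fill(struct target_table *t, size_t n)
{
    size_t ok = 0;
    for (size_t i = 0; i < n; i++)
        if (table_add(t, "192.0.2.1") == 0) ok++; /* constructed sample host */
    return ok;
}

int main(void)
{
    struct target_table t = {0};
    size_t accepted = fill(&t, 70000);
    printf("accepted=%zu unchecked16=%u\n", accepted, (unsigned)wrapped_count(70000));
    free(t.hosts);
    return 0;
}
```
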