oss-sec mailing list archives
Re: CVE Request (nagios)
From: Eygene Ryabinkin <rea-sec () codelabs ru>
Date: Mon, 8 Dec 2008 15:16:07 +0300
Andreas,

Mon, Dec 08, 2008 at 01:00:18PM +0100, Andreas Ericsson wrote:
> Eygene Ryabinkin wrote:
> > As you see, the wrong arguments were passed to the cmd_submitf for the
> > service comments -- argument 'service_desc' will be treated as integer
> > and argument 'persistent_comment' (that is essentially a boolean that
> > is simulated via 'int' type) will be treated as the pointer to a
> > string. SEGV is likely here.
>
> Ah, right. Yes, that's true. However, it's not a vulnerability as it's
> doing read-only access, and it can't cause DoS as it's only the CGI
> that's affected.

It surely will cause SEGV:
-----
$ cat test.c
#include <stdio.h>

int
main(void)
{
	char buffer[1024];
	int persistent_comment = 1;
	char *current_time = "time";
	char *host_name = "host name";
	char *service_desc = "service";
	char *comment_author = "author";
	char *comment_data = "comment";

	snprintf(buffer, sizeof(buffer), "%s;%s;%d;%s;%s",
	    current_time, host_name, service_desc, persistent_comment,
	    comment_author, comment_data);
	return 0;
}
$ gcc -o test test.c
$ ./test
Segmentation fault: 11 (core dumped)
-----

Since CGIs could dump core, and a core dump starves both disk and CPU,
a DoS for the HTTP server that hosts Nagios is still foreseeable. But I
tend to agree that this issue is of much lower interest than the
cmd.cgi's one ;))

So, probably, no CVE is really needed until someone shows how this
thing can be exploited. Remember sudo's "just one byte" overflow
(http://packetstormsecurity.org/0211-exploits/hudo.c)?
--
Eygene
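
Added example (an illustration for this archive page, not part of the message above and not Nagios code): a variadic wrapper in the style of cmd_submitf, declared so that the compiler checks every caller's arguments against the format string, plus a small check that extracts a format's conversion sequence for cases the compiler cannot see. The names submitf and fmt_signature and the corrected six-specifier format are assumptions made for the example.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical cmd_submitf-style wrapper (added example, not Nagios code).
 * The format attribute makes gcc/clang check callers' arguments against fmt:
 * -Wall then flags a char* passed for %d or an int passed for %s. */
__attribute__((format(printf, 3, 4)))
int submitf(char *buf, size_t len, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(buf, len, fmt, ap);
    va_end(ap);
    return (n < 0 || (size_t)n >= len) ? -1 : n; /* -1: error or truncated */
}

/* Collect fmt's conversion characters into sig (e.g. "ssdss"). Accepts only
 * plain %s, %d and %%; returns the conversion count, or -1 otherwise. */
int fmt_signature(const char *fmt, char *sig, size_t siglen)
{
    size_t n = 0;
    if (siglen == 0)
        return -1;
    for (const char *p = fmt; *p; p++) {
        if (*p != '%' || *++p == '%')
            continue;
        if ((*p != 's' && *p != 'd') || n + 1 >= siglen)
            return -1;
        sig[n++] = *p;
    }
    sig[n] = '\0';
    return (int)n;
}

int main(void)
{
    char buf[1024], sig[16];
    /* The format from test.c has five conversions for six arguments. */
    printf("%d %s\n", fmt_signature("%s;%s;%d;%s;%s", sig, sizeof sig), sig);
    /* Assumed fix: one specifier per argument, in the arguments' order. */
    if (submitf(buf, sizeof buf, "%s;%s;%s;%d;%s;%s", "time", "host name",
                "service", 1, "author", "comment") > 0)
        puts(buf);
    return 0;
}
```

With the attribute in place, a call that passes the arguments in the order used in test.c is reported at compile time under -Wall instead of crashing at run time.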