oss-sec mailing list archives
Re: Re-emergence of CVE-2008-4796 in Nagios current
From: Michael Gilbert <mgilbert () debian org>
Date: Fri, 3 May 2013 23:07:07 -0400
On Tue, Apr 30, 2013 at 7:28 PM, David Jorm wrote:
CVE-2008-4796 snoopy: command execution via shell metacharacters Was found in Nagios core by Grant Murphy. Filed upstream: http://tracker.nagios.org/view.php?id=449 We really need to start thinking about ways to find vulnerable copies of code and fixing them everywhere people have embedded them.Debian uses clonewise: https://github.com/silviocesare/Clonewise
There is also a human-researched list, which is never really up to date or anywhere near comprehensive: http://anonscm.debian.org/viewvc/secure-testing/data/embedded-code-copies?view=co Best wishes, Mike
Current thread:
- Re-emergence of CVE-2008-4796 in Nagios current Kurt Seifried (Apr 30)
- Re: Re-emergence of CVE-2008-4796 in Nagios current David Jorm (Apr 30)
- Re: Re-emergence of CVE-2008-4796 in Nagios current Michael Gilbert (May 03)
- Re: Re-emergence of CVE-2008-4796 in Nagios current David Jorm (Apr 30)