ID CVE-2006-2162
Summary Buffer overflow in CGI scripts in Nagios 1.x before 1.4 and 2.x before 2.3 allows remote attackers to execute arbitrary code via a negative content length (Content-Length) HTTP header.
References
Vulnerable Configurations
  • cpe:2.3:a:nagios:nagios:1.3
  • cpe:2.3:a:nagios:nagios:2.2
CVSS
Base: 5.0 (as of 03-05-2006 - 18:18)
Impact:
Exploitability:
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: NONE
  • Integrity: PARTIAL
  • Availability: NONE
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_10984.NASL
    description An integer overflow exists within the handling of HTTP headers by CGIs. This could lead to arbitrary code execution by remote attackers on behalf of the Nagios CGI scripts. CVE-2006-2162 has been assigned to this issue.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 41089
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41089
    title SuSE9 Security Update : nagios-www (YOU Patch Number 10984)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1072.NASL
    description A buffer overflow has been discovered in nagios, a host, service and network monitoring and management system, that could be exploited by remote attackers to execute arbitrary code.
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 22614
    published 2006-10-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22614
    title Debian DSA-1072-1 : nagios - buffer overflow
  • NASL family SuSE Local Security Checks
    NASL id SUSE_NAGIOS-WWW-1311.NASL
    description An Integer-Overflow exists within the handling of HTTP headers by CGIs. This could lead to arbitrary code execution by remote attackers on behalf of the Nagios CGI scripts. CVE-2006-2162 has been assigned to this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27360
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27360
    title openSUSE 10 Security Update : nagios-www (nagios-www-1311)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-282-1.NASL
    description The nagios CGI scripts did not sufficiently check the validity of the HTTP Content-Length attribute. By sending a specially crafted HTTP request with a negative Content-Length value to the Nagios server, a remote attacker could exploit this to execute arbitrary code with web server privileges. Please note that the Apache 2 web server already checks for valid Content-Length values, so installations using Apache 2 (the only web server officially supported in Ubuntu) are not vulnerable to this flaw. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-08-15
    plugin id 21376
    published 2006-05-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21376
    title Ubuntu 5.04 / 5.10 : nagios vulnerability (USN-282-1)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200605-07.NASL
    description The remote host is affected by the vulnerability described in GLSA-200605-07 (Nagios: Buffer overflow) Sebastian Krahmer of the SuSE security team discovered a buffer overflow vulnerability in the handling of a negative HTTP Content-Length header. Impact : A buffer overflow in Nagios CGI scripts under certain web servers allows remote attackers to execute arbitrary code via a negative content length HTTP header. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 21349
    published 2006-05-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21349
    title GLSA-200605-07 : Nagios: Buffer overflow
refmap via4
bid 17879
confirm
debian DSA-1072
gentoo GLSA-200605-07
secunia
  • 19991
  • 19998
  • 20013
  • 20215
  • 20247
suse SUSE-SR:2006:011
ubuntu USN-282-1
vupen ADV-2006-1662
xf nagios-multiple-scripts-bo(26253)
Last major update 07-03-2011 - 21:35
Published 03-05-2006 - 17:02
Last modified 03-10-2018 - 17:40