ID CVE-2006-2489
Summary Integer overflow in CGI scripts in Nagios 1.x before 1.4.1 and 2.x before 2.3.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a content length (Content-Length) HTTP header. NOTE: this is a different vulnerability than CVE-2006-2162.
References
Vulnerable Configurations
  • cpe:2.3:a:nagios:nagios:1.0
  • cpe:2.3:a:nagios:nagios:1.0b1
  • cpe:2.3:a:nagios:nagios:1.0b2
  • cpe:2.3:a:nagios:nagios:1.0b3
  • cpe:2.3:a:nagios:nagios:1.0b4
  • cpe:2.3:a:nagios:nagios:1.0b5
  • cpe:2.3:a:nagios:nagios:1.0b6
  • cpe:2.3:a:nagios:nagios:1.1
  • cpe:2.3:a:nagios:nagios:1.2
  • cpe:2.3:a:nagios:nagios:1.3
  • cpe:2.3:a:nagios:nagios:1.4
  • cpe:2.3:a:nagios:nagios:2.0
  • cpe:2.3:a:nagios:nagios:2.0b1
  • cpe:2.3:a:nagios:nagios:2.0b2
  • cpe:2.3:a:nagios:nagios:2.0b3
  • cpe:2.3:a:nagios:nagios:2.0b4
  • cpe:2.3:a:nagios:nagios:2.0b5
  • cpe:2.3:a:nagios:nagios:2.0b6
  • cpe:2.3:a:nagios:nagios:2.0rc1
  • cpe:2.3:a:nagios:nagios:2.0rc2
  • cpe:2.3:a:nagios:nagios:2.1
  • cpe:2.3:a:nagios:nagios:2.2
  • cpe:2.3:a:nagios:nagios:2.3
CVSS
Base: 7.5 (as of 22-05-2006 - 11:06)
Impact:
Exploitability:
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: PARTIAL
  Integrity: PARTIAL
  Availability: PARTIAL
nessus via4
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1072.NASL
    description A buffer overflow has been discovered in nagios, a host, service and network monitoring and management system, that could be exploited by remote attackers to execute arbitrary code.
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 22614
    published 2006-10-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22614
    title Debian DSA-1072-1 : nagios - buffer overflow
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-287-1.NASL
    description The nagios CGI scripts did not sufficiently check the validity of the HTTP Content-Length attribute. By sending a specially crafted HTTP request with an invalidly large Content-Length value to the Nagios server, a remote attacker could exploit this to execute arbitrary code with web server privileges. Please note that the Apache 2 web server already checks for valid Content-Length values, so installations using Apache 2 (the only web server officially supported in Ubuntu) are not vulnerable to this flaw. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-08-15
    plugin id 21612
    published 2006-05-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21612
    title Ubuntu 5.04 / 5.10 : nagios vulnerability (USN-287-1)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200605-07.NASL
    description The remote host is affected by the vulnerability described in GLSA-200605-07 (Nagios: Buffer overflow) Sebastian Krahmer of the SuSE security team discovered a buffer overflow vulnerability in the handling of a negative HTTP Content-Length header. Impact : A buffer overflow in Nagios CGI scripts under certain web servers allows remote attackers to execute arbitrary code via a negative content length HTTP header. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 21349
    published 2006-05-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21349
    title GLSA-200605-07 : Nagios: Buffer overflow
refmap via4
bid 18059
confirm http://www.nagios.org/development/changelog.php
debian DSA-1072
gentoo GLSA-200605-07
secunia
  • 20123
  • 20247
  • 20313
ubuntu USN-287-1
vupen ADV-2006-1822
xf nagios-contentlength-overflow(26454)
Last major update 07-03-2011 - 21:36
Published 19-05-2006 - 19:02
Last modified 03-10-2018 - 17:41