oss-sec mailing list archives
Re: Nagios format string issues
From: Oden Eriksson <oeriksson () mandriva com>
Date: Wed, 6 Oct 2010 12:25:10 +0200
On Tuesday, 5 October 2010 at 20:21:02, Florian Weimer wrote:
> Nagios Core 3.2.3 includes fixes for a few format string bugs:
>
> <http://article.gmane.org/gmane.network.nagios.announce/85>
>
> The patch Guillaume submitted is here:
>
> <http://article.gmane.org/gmane.network.nagios.devel/7493>
>
> Does anybody know if this is on an exploitable code path?

We have a whole bunch of similar patches in Mandriva, just fetch the cooker source rpm packages and do something like:

    rpm -qlp *.src.rpm | grep format

It would be a major task to push that to the upstream projects.

Just checked the ones I fixed (in 2008/2009):

    $ rpm -qlp /SRPMS/contrib/release/*.rpm /SRPMS/main/release/*.rpm | grep format_not_a_string_literal_and_no_format_arguments | wc -l
    106

So, at least 106 new CVE assignments there.

Cheers.

--
Regards // Oden Eriksson
Security team manager - Mandriva
CEO NUX AB