Upstream information
Description
Integer overflow in CGI scripts in Nagios 1.x before 1.4.1 and 2.x before 2.3.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a content length (Content-Length) HTTP header. NOTE: this is a different vulnerability than CVE-2006-2162.
SUSE information
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having important severity.
National Vulnerability Database | |
---|---|
Base Score | 7.5 |
Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Access Vector | Network |
Access Complexity | Low |
Authentication | None |
Confidentiality Impact | Partial |
Integrity Impact | Partial |
Availability Impact | Partial |
Note from the SUSE Security Team
Only SUSE Linux Enterprise 9 is affected by this specific issue.
We evaluated the problem and found that the integer overflow will not cause allocations smaller than the passed content_length.
First, values less than 0 are already checked.
Second, as there is only an addition of 1, only INT_MAX overflows the integer addition.
As malloc takes at least an unsigned integer and content_length is a signed integer, the signed-to-unsigned integer promotion in the code generated by the compiler means that, on all supported platforms, passing in INT_MAX yields a positive value greater than INT_MAX, so malloc will either fail or allocate INT_MAX+1 bytes of memory.
This means none of our platforms is affected by this issue.
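The reasoning in the note, as an added C example (not Nagios or SUSE code): `modelled_request` reproduces the size malloc would receive for `content_length + 1`, and `checked_request` shows a bounded variant. The function names and the `MAX_BODY` cap are assumptions made for illustration, and two's complement integers are assumed.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

#define MAX_BODY (1 << 20) /* hypothetical cap for the hardened variant */

/* Size malloc() would see for `content_length + 1` done in int and then
 * converted to size_t. Signed overflow is undefined in C, so the wrap is
 * modelled with unsigned arithmetic (two's complement assumed).
 * Returns -1 if the length is rejected by the existing "< 0" check. */
static int modelled_request(int content_length, size_t *out)
{
    if (content_length < 0)
        return -1;
    unsigned int sum = (unsigned int)content_length + 1u; /* defined wrap */
    if (sum > (unsigned int)INT_MAX) {
        /* int result would be negative: conversion to size_t sign-extends */
        *out = (size_t)0 - (size_t)(UINT_MAX - sum + 1u);
    } else {
        *out = sum;
    }
    return 0;
}

/* Hardened form: bound the length first, then add in size_t. */
static int checked_request(int content_length, size_t *out)
{
    if (content_length < 0 || content_length > MAX_BODY)
        return -1;
    *out = (size_t)content_length + 1;
    return 0;
}

int main(void)
{
    int samples[] = { -1, 0, 4096, INT_MAX }; /* constructed inputs */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        size_t m = 0, c = 0;
        int mr = modelled_request(samples[i], &m);
        int cr = checked_request(samples[i], &c);
        printf("len=%d modelled=%s%zu checked=%s%zu\n", samples[i],
               mr ? "rejected/" : "", m, cr ? "rejected/" : "", c);
    }
    return 0;
}
```

For INT_MAX the modelled request is never below INT_MAX+1, so the allocation either fails or is large enough; the bounded variant rejects such a length before any arithmetic takes place.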
SUSE Bugzilla entry: 140494 [RESOLVED / FIXED]
No SUSE Security Announcements cross referenced.
SUSE Timeline for this CVE
CVE page created: Fri Jun 28 02:51:17 2013
CVE page last modified: Fri Oct 7 12:45:33 2022