[Nagiosplug-devel] [ nagiosplug-Bugs-1687867 ] check_http: buffer overflow vulnerability

[SourceForge.net]

Bugs item #1687867, was opened at 2007-03-26 01:37
Message generated for change (Settings changed) made by ban_nobuhiro
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=397597&aid=1687867&group_id=29880

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: General plugin execution
Group: None
Status: Open
Resolution: None
>Priority: 7
Private: Yes
Submitted By: Nobuhiro Ban (ban_nobuhiro)
Assigned to: Nobody/Anonymous (nobody)
Summary: check_http: buffer overflow vulnerability

Initial Comment:
Description:
Buffer overflows within the redir() function of check_http.c
potentially allow remote attackers to execute arbitrary code
via crafted ``Location:'' responses.
This vulnerability is caused by passing insufficient length
buffers to sscanf().

Example of crafted ``Location:'' response:
o Location: htttttttttttttttttttttttttttttttttttttttttttp://example.com/
o Location: http://example.com:1234567890123456789012345678901234567890/
o Location: http://tooooooooooooooooooooooooooooooooooooooooooooooooooo.loooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooong.loooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooong.loooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooong.loooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooong.loooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooong.loooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooong.host-name.example.com/

Workaround:
Do not check untrusted web server with ``-f follow'' option.


----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=397597&aid=1687867&group_id=29880