PublicDate: 2007-10-04 17:17:00 UTC
Candidate: CVE-2007-5198
References:
 https://ubuntu.com/security/notices/USN-532-1
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5198
Description:
 Buffer overflow in the redir function in check_http.c in Nagios Plugins
 before 1.4.10, when running with the -f (follow) option, allows remote web
 servers to execute arbitrary code via Location header responses (redirects)
 with a large number of leading "L" characters.
Ubuntu-Description:
Notes:
 jdstrand> supplied debdiff in LP doesn't address (fixed in CVS before 1.4.11)
  http://sourceforge.net/tracker/index.php?func=detail&aid=1813346&group_id=29880&atid=397597
 jdstrand> also has two DoS:
  http://sourceforge.net/tracker/index.php?func=detail&aid=1729692&group_id=29880&atid=397597
  http://nagiosplug.cvs.sourceforge.net/nagiosplug/nagiosplug/plugins/sslutils.c?r1=1.3&r2=1.4 (no bug report, see the changelog)
Bugs:
 https://bugs.launchpad.net/ubuntu/+source/nagios-plugins/+bug/152624
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

upstream_nagios-plugins: released (1.4.11)
dapper_nagios-plugins: released (1.4.2-5ubuntu3.1)
edgy_nagios-plugins: released (1.4.3.0cvs.20060707-3ubuntu0.1)
feisty_nagios-plugins: released (1.4.5-2ubuntu0.1)
gutsy_nagios-plugins: released (1.4.8-2.1ubuntu1.1)