CVE-2007-5198

Priority
Medium
Description
Buffer overflow in the redir function in check_http.c in Nagios Plugins
before 1.4.10, when running with the -f (follow) option, allows remote web
servers to execute arbitrary code via Location header responses (redirects)
with a large number of leading "L" characters.
References
Bugs
Notes
 jdstrand> supplied debdiff in LP doesn't address (fixed in CVS before 1.4.11)
  http://sourceforge.net/tracker/index.php?func=detail&aid=1813346&group_id=29880&atid=397597
 jdstrand> also has two DoS:
  http://sourceforge.net/tracker/index.php?func=detail&aid=1729692&group_id=29880&atid=397597
  http://nagiosplug.cvs.sourceforge.net/nagiosplug/nagiosplug/plugins/sslutils.c?r1=1.3&r2=1.4 (no bug report, see the changelog)
Package
Upstream:released (1.4.11)
More Information

Updated: 2017-12-15 20:25:31 UTC (commit 13913)