CVE-2007-5198

Priority
Description
Buffer overflow in the redir function in check_http.c in Nagios Plugins
before 1.4.10, when running with the -f (follow) option, allows remote web
servers to execute arbitrary code via Location header responses (redirects)
with a large number of leading "L" characters.
Notes
 jdstrand> supplied debdiff in LP doesn't address (fixed in CVS before 1.4.11)
  http://sourceforge.net/tracker/index.php?func=detail&aid=1813346&group_id=29880&atid=397597
 jdstrand> also has two DoS:
  http://sourceforge.net/tracker/index.php?func=detail&aid=1729692&group_id=29880&atid=397597
  http://nagiosplug.cvs.sourceforge.net/nagiosplug/nagiosplug/plugins/sslutils.c?r1=1.3&r2=1.4 (no bug report, see the changelog)
Package
Upstream:released (1.4.11)
More Information

Updated: 2019-03-19 11:43:50 UTC (commit 15472795df7e9de45b82f2d36b8b419b939f97b2)