Buffer Overflow Vulnerability in Nagios Plugins Affects Remote Web Servers
CVE-2007-5198

Currently unrated

Key Information:

Vendor: Nagios
CVE Published: 4 October 2007

What is CVE-2007-5198?

A buffer overflow vulnerability exists in the redir function within check_http.c of Nagios Plugins prior to version 1.4.10. This vulnerability can be exploited when the plugin is executed with the -f (follow) option. An attacker can craft a specially formatted Location header response from a remote web server that includes an excessive number of leading 'L' characters. If successful, this can lead to arbitrary code execution on the affected system, potentially compromising its integrity and confidentiality.
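The class of defect described above comes down to copying a server-controlled header value into a fixed-size buffer without checking its length first. The following C sketch is an added example, not code from Nagios Plugins or from `check_http.c`: the function names, the 256-byte buffer size and the sample header lines are assumptions constructed for illustration. It matches the header name exactly once and checks the value length before copying.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define LOC_BUF_SIZE 256   /* assumed buffer size for this example */

/* Copy the value of a "Location:" header line into out (outsz bytes).
 * Returns 0 on success, -1 if the line is not a Location header,
 * -2 if the value would not fit (the caller must not follow it). */
int parse_location(const char *line, char *out, size_t outsz)
{
    static const char name[] = "location:";
    size_t i, len;

    /* Match the header name once, case-insensitively. A run of extra
     * leading characters such as "LLLLocation:" fails this match. */
    for (i = 0; i < sizeof(name) - 1; i++)
        if (tolower((unsigned char)line[i]) != name[i])
            return -1;
    line += i;
    line += strspn(line, " \t");           /* optional whitespace */
    len = strcspn(line, "\r\n");           /* value ends at CR/LF */
    while (len > 0 && (line[len - 1] == ' ' || line[len - 1] == '\t'))
        len--;                             /* trim trailing blanks */
    if (len == 0)
        return -1;
    if (len >= outsz)                      /* bound check BEFORE the copy */
        return -2;
    memcpy(out, line, len);
    out[len] = '\0';
    return 0;
}

/* Constructed input: a Location header whose value is n bytes of 'A'. */
int parse_long_value(size_t n)
{
    char line[4096] = "Location: ", out[LOC_BUF_SIZE];
    size_t off = strlen(line);
    if (n > sizeof(line) - off - 1)
        n = sizeof(line) - off - 1;
    memset(line + off, 'A', n);
    line[off + n] = '\0';
    return parse_location(line, out, sizeof(out));
}

int main(void)
{
    char out[LOC_BUF_SIZE];
    printf("%d\n", parse_location("Location: http://example.test/new\r\n", out, sizeof(out)));
    printf("%d\n", parse_location("LLLLLLLLocation: http://example.test/\r\n", out, sizeof(out)));
    printf("%d\n", parse_long_value(1000));
    return 0;
}
```
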

EPSS Score

15% chance of being exploited in the next 30 days.
