diff --git a/debian/changelog b/debian/changelog index 1cecebe..1a8e10b 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +nagios-plugins (1.4-6sarge1) oldstable-security; urgency=high + + * Fix CVE-2007-5198 + + -- Moritz Muehlenhoff Tue, 5 Feb 2008 23:03:23 +0000 + nagios-plugins (1.4-6) unstable; urgency=low * Build-Depend on the *correct* libmysqlclient-dev diff --git a/debian/patches/00list b/debian/patches/00list index fe2ec93..34f0d80 100644 --- a/debian/patches/00list +++ b/debian/patches/00list @@ -2,3 +2,4 @@ 06_checkircd 08_subst 09_pssyntax +10_CVE-2007-5198 \ No newline at end of file diff --git a/debian/patches/10_CVE-2007-5198.dpatch b/debian/patches/10_CVE-2007-5198.dpatch new file mode 100644 index 0000000..2aadf6b --- /dev/null +++ b/debian/patches/10_CVE-2007-5198.dpatch @@ -0,0 +1,144 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 10_CVE-2007-5198 +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: No description. + +@DPATCH@ +diff -aur nagios-plugins-1.4.orig/plugins/check_http.c nagios-plugins-1.4/plugins/check_http.c +--- nagios-plugins-1.4.orig/plugins/check_http.c 2005-01-21 00:40:30.000000000 +0100 ++++ nagios-plugins-1.4/plugins/check_http.c 2007-12-14 15:26:02.000000000 +0100 +@@ -34,7 +34,8 @@ + enum { + MAX_IPV4_HOSTLENGTH = 255, + HTTP_PORT = 80, +- HTTPS_PORT = 443 ++ HTTPS_PORT = 443, ++ MAX_PORT = 65535 + }; + + #ifdef HAVE_SSL_H +@@ -158,7 +159,7 @@ + + if (display_html == TRUE) + printf ("", +- use_ssl ? "https" : "http", host_name, ++ use_ssl ? "https" : "http", server_address, + server_port, server_url); + + /* initialize alarm signal handling, set socket timeout, start timer */ +@@ -1098,14 +1099,14 @@ + + /* per RFC 2396 */ + #define HDR_LOCATION "%*[Ll]%*[Oo]%*[Cc]%*[Aa]%*[Tt]%*[Ii]%*[Oo]%*[Nn]: " +-#define URI_HTTP "%[HTPShtps]://" +-#define URI_HOST "%[-.abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789]" +-#define URI_PORT ":%[0123456789]" ++#define URI_HTTP "%5[HTPShtps]" ++#define URI_HOST "%255[-.abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789]" ++#define URI_PORT "%6d" /* MAX_PORT's width is 5 chars, 6 to detect overflow */ + #define URI_PATH "%[-_.!~*'();/?:@&=+$,%#abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789]" +-#define HD1 URI_HTTP URI_HOST URI_PORT URI_PATH +-#define HD2 URI_HTTP URI_HOST URI_PATH +-#define HD3 URI_HTTP URI_HOST URI_PORT +-#define HD4 URI_HTTP URI_HOST ++#define HD1 URI_HTTP "://" URI_HOST ":" URI_PORT "/" URI_PATH ++#define HD2 URI_HTTP "://" URI_HOST "/" URI_PATH ++#define HD3 URI_HTTP "://" URI_HOST ":" URI_PORT ++#define HD4 URI_HTTP "://" URI_HOST + #define HD5 URI_PATH + + void +@@ -1116,7 +1117,6 @@ + char xx[2]; + char type[6]; + char *addr; +- char port[6]; + char *url; + + addr = malloc (MAX_IPV4_HOSTLENGTH + 1); +@@ -1129,7 +1129,7 @@ + + while (pos) { + +- if (sscanf (pos, "%[Ll]%*[Oo]%*[Cc]%*[Aa]%*[Tt]%*[Ii]%*[Oo]%*[Nn]:%n", xx, &i) < 1) { ++ if (sscanf (pos, "%1[Ll]%*[Oo]%*[Cc]%*[Aa]%*[Tt]%*[Ii]%*[Oo]%*[Nn]:%n", xx, &i) < 1) { + + pos += (size_t) strcspn (pos, "\r\n"); + pos += (size_t) strspn (pos, "\r\n"); +@@ -1141,17 +1141,21 @@ + } + + pos += i; +- pos += strspn (pos, " \t\r\n"); ++ pos += strspn (pos, " \t"); ++ for (; (i = strspn (pos, "\r\n")); pos += i) { ++ pos += i; ++ if (!(i = strspn (pos, " \t"))) { ++ die (STATE_UNKNOWN, _("HTTP UNKNOWN - Empty redirect location%s\n"),display_html ? "" : ""); ++ } ++ } + +- url = realloc (url, strcspn (pos, "\r\n")); ++ url = realloc (url, strcspn (pos, "\r\n")+ 1); + if (url == NULL) + die (STATE_UNKNOWN, _("could not allocate url\n")); + + /* URI_HTTP, URI_HOST, URI_PORT, URI_PATH */ +- if (sscanf (pos, HD1, type, addr, port, url) == 4) { ++ if (sscanf (pos, HD1, type, addr, &i, url) == 4) + use_ssl = server_type_check (type); +- i = atoi (port); +- } + + /* URI_HTTP URI_HOST URI_PATH */ + else if (sscanf (pos, HD2, type, addr, url) == 3 ) { +@@ -1160,10 +1164,9 @@ + } + + /* URI_HTTP URI_HOST URI_PORT */ +- else if(sscanf (pos, HD3, type, addr, port) == 3) { ++ else if(sscanf (pos, HD3, type, addr, &i) == 3) { + strcpy (url, HTTP_URL); + use_ssl = server_type_check (type); +- i = atoi (port); + } + + /* URI_HTTP URI_HOST */ +@@ -1183,7 +1186,7 @@ + } + i = server_port; + strcpy (type, server_type); +- strcpy (addr, host_name); ++ strcpy (addr, server_address); + } + + else { +@@ -1209,7 +1212,6 @@ + _("WARNING - redirection creates an infinite loop - %s://%s:%d%s%s\n"), + type, addr, i, url, (display_html ? "" : "")); + +- server_port = i; + strcpy (server_type, type); + + free (host_name); +@@ -1219,7 +1221,18 @@ + server_address = strdup (addr); + + free (server_url); ++ if ((url[0] == '/')) + server_url = strdup (url); ++ else if (asprintf(&server_url, "/%s", url) == -1) ++ die (STATE_UNKNOWN, _("HTTP UNKNOWN - Could not allocate server_url%s\n"), display_html ? "" : ""); ++ free(url); ++ ++ if ((server_port = i) > MAX_PORT) ++ die (STATE_UNKNOWN, _("HTTP UNKNOWN - Redirection to port above %d - %s://%s:%d%s%s\n"), ++ MAX_PORT, server_type, server_address, server_port, server_url, display_html ? "" : ""); ++ ++ if (verbose) ++ printf ("Redirection to %s://%s:%d%s\n", server_type, server_address, server_port, server_url); + + check_http (); + } + diff --git a/pkg/solaris/.cvsignore b/pkg/solaris/.cvsignore new file mode 100644 index 0000000..a6bb7e4 --- /dev/null +++ b/pkg/solaris/.cvsignore @@ -0,0 +1,2 @@ +.cvsignore +pkginfo diff --git a/pkg/solaris/pkginfo b/pkg/solaris/pkginfo new file mode 100644 index 0000000..e93df67 --- /dev/null +++ b/pkg/solaris/pkginfo @@ -0,0 +1,12 @@ +PKG="NAGplugin" +NAME="nagios-plugins" +DESC="Nagios network monitoring plugins" +ARCH="powerpc" +VERSION="1.4,REV=2005.02.04.00.49" +CATEGORY="application" +VENDOR="Nagios Plugin Development Team" +EMAIL="nagiosplug-devel@lists.sourceforge.net" +PSTAMP="nag20050204004941" +BASEDIR="/" +CLASSES="none" +