The Nagios Plugins Development Team is proud to announce that nagios-plugins 2.0.2 has been released and is available for download.
This release was prompted a bit earlier than originally expected by a newly discovered security vulnerability reported by Dawid Golunski on exploit-db. It concerned an arbitrary file access vulnerability with the SUID binaries (check_icmp, check_dhcp) and the extra-opts configure flag (which is enabled by default). Fixes were applied globally, so the new restrictions on fopen should apply to all plugins.
Additionally, a few plugins were updated to successfully build on windows under cygwin, and some small changes were made to plugin output and verbosity.
A full list of included enhancements and fixes are listed below:
SECURITY FIXES
Fixed file access vulnerability with SUID binaries (check_icmp, check_dhcp) and extra-opts. Fixes were applied globally, so the new resrictions on fopen should apply to all plugins. Special thanks to Dawid Golunski for the submission. More information: http://www.exploit-db.com/exploits/33387/ (sreinhardt) (emislivec)
ENHANCEMENTS
check_disk – Now compiles in cygwin on windows (Gunnar Beutner)
check_ping – Now compiles in cygwin on windows (Gunnar Beutner)
check_users – Now compiles in cygwin on windows (Gunnar Beutner)
netutils.c – Connection error verbosity increased. C plugins will now differentiate file socket errors from connection errors (Davide Madrisan)
FIXES
check_nt.c – Changed ‘Mb’ to ‘MB’ in MEMUSE output for clarity (abrist)
Nagios Plugins 2.0.2 Released!
Nagios Plugins 2.0.2 Released!
Former Nagios employee
"It is turtles. All. The. Way. Down. . . .and maybe an elephant or two."
VI VI VI - The editor of the Beast!
Come to the Dark Side.
"It is turtles. All. The. Way. Down. . . .and maybe an elephant or two."
VI VI VI - The editor of the Beast!
Come to the Dark Side.