Nagios Plugins 2.0.2 Released!

Support forum for Nagios Core, Nagios Plugins, NCPA, NRPE, NSCA, NDOUtils and more. Engage with the community of users including those using the open source solutions.
Locked
abrist
Red Shirt
Posts: 8334
Joined: Thu Nov 15, 2012 1:20 pm

Nagios Plugins 2.0.2 Released!

Post by abrist »

The Nagios Plugins Development Team is proud to announce that nagios-plugins 2.0.2 has been released and is available for download.

This release was prompted a bit earlier than originally expected by a newly discovered security vulnerability reported by Dawid Golunski on exploit-db. It concerned an arbitrary file access vulnerability with the SUID binaries (check_icmp, check_dhcp) and the extra-opts configure flag (which is enabled by default). Fixes were applied globally, so the new restrictions on fopen should apply to all plugins.

Additionally, a few plugins were updated to successfully build on windows under cygwin, and some small changes were made to plugin output and verbosity.

A full list of included enhancements and fixes are listed below:

SECURITY FIXES

Fixed file access vulnerability with SUID binaries (check_icmp, check_dhcp) and extra-opts. Fixes were applied globally, so the new resrictions on fopen should apply to all plugins. Special thanks to Dawid Golunski for the submission. More information: http://www.exploit-db.com/exploits/33387/ (sreinhardt) (emislivec)

ENHANCEMENTS

check_disk – Now compiles in cygwin on windows (Gunnar Beutner)
check_ping – Now compiles in cygwin on windows (Gunnar Beutner)
check_users – Now compiles in cygwin on windows (Gunnar Beutner)
netutils.c – Connection error verbosity increased. C plugins will now differentiate file socket errors from connection errors (Davide Madrisan)

FIXES

check_nt.c – Changed ‘Mb’ to ‘MB’ in MEMUSE output for clarity (abrist)
Former Nagios employee
"It is turtles. All. The. Way. Down. . . .and maybe an elephant or two."
VI VI VI - The editor of the Beast!
Come to the Dark Side.
Locked