As some of you may have read, there is new security exploit that has
been discovered in Sun's XDR library.
Overview
There is an integer overflow present in the xdr_array()
function distributed as part of the Sun Microsystems XDR library. This
overflow has been shown to lead to remotely exploitable buffer overflows
in multiple applications, leading to the execution of arbitrary
code. Although the library was originally distributed by Sun
Microsystems, multiple vendors have included the vulnerable code in their
own implementations.
Please go to http://www.cert.org/advisories/CA-2002-25.html for all the
details.
What I need to know is, does this affect Nagios at all. The sun XDR
libraries are included in at least, libc, glibc (Linux), and libnsl
(Solaris). I don't know if there is anything in the Nagios code that
uses XDR (according to one of my bosses, almost everything uses XDR),
but it should be looked into.
Please, if you have any information, email the list back. Ethan, if you
know one way or the other (if this affects Nagios or not), can you
please send out an email so we all know. Thanks.
-Russell Scibetti
--
Russell Scibetti
Quadrix Solutions, Inc.
http://www.quadrix.com
(732) 235-2335, ext. 7038
This post was automatically imported from historical nagios-devel mailing list archives
Original poster: russell@quadrix.com