On Mon, 2003-07-21 at 00:59, Ethan Galstad wrote:
> Anyone have any comments on this? NRPE doesn't use much other than
> standard socket functions (listen(), accept(), send(), etc.), so I'm
> not sure what I could do other than tell people to run NRPE under
> inetd/xinetd...
I don't know if people can help without having a copy of the advisory.
It might be useful to pass on the xinetd idea as a short-term workaround
while you/we look further into it. But if you present that as a final
solution, it might be taken as a refusal to take bugs seriously.
--
Karl
>
>
> ------- Forwarded message follows -------
> Subject: Denial of Service Vulnerability in Nagios
> Date sent: Fri, 18 Jul 2003 09:18:07 -0700
> From: "Scott Behm"
> To: ,
> Copies to: "Gerhard Eschelbeck" ,
> "support-team"
>
>
> Nagios Security Team,
>
> Qualys has identified a denial of service vulnerability in Nagios
> Remote Plugin Executor v1.5 - 1.8, which has adversely affected our
> common customers. Enclosed is a draft copy of the Qualys Security
> Advisory. Please review and provide us with the following
> information:
>
> o Issue Resolution -- If Nagios is able to resolve the issue, please
> provide resolution details. Our common customers will be notified
> and Qualys Security Advisory QSA-2003-07-17 will not be required.
>
> o Tracking Number -- If Nagios has a fix in process, please provide
> a tracking number that can be shared with our common customers.
>
> o Comments -- If Nagios is unable to fix the issue, please provide
> comments, work-around or other input to be included in the Comments
> Section of Qualys Security Advisory QSA-2003-07.17.
>
> Please contact me at your earliest convenience. I look forward to
> hearing from you soon.
>
> Sincerely,
>
> Scott Behm
> Scanner Program Manager
> Qualys, Inc.
> (650)801-6132
> [email protected]
>
>
> ------- End of forwarded message -------
>
> Ethan Galstad,
> Nagios Developer
> ---
> Email: [email protected]
> Website: http://www.nagios.org
This post was automatically imported from historical nagios-devel mailing list archives
Original poster: [email protected]