
Buffer overflow Nagios-core 3.4 on status.cgi

Posted: Tue Aug 13, 2013 5:36 am
by J-B


    [Tue Aug 13 11:47:11 2013] [error] [client 192.168.2.1] *** buffer overflow detected ***: /var/www/nagios3/cgi-bin/nagios3/status.cgi terminated, referer: https://Hostname.local/cgi-bin/nagios3/status.cgi?navbarsearch=1&host=core-rrz
    [Tue Aug 13 11:47:11 2013] [error] [client 192.168.2.1] ======= Backtrace: =========, referer: https://Hostname.local/cgi-bin/nagios3/status.cgi?navbarsearch=1&host=core-rrz
    [Tue Aug 13 11:47:11 2013] [error] [client 192.168.2.1] /lib/i386-linux-gnu/i686/cmov/libc.so.6(__fortify_fail+0x50)[0xb77063c0], referer: https://Hostname.local/cgi-bin/nagios3/status.cgi?navbarsearch=1&host=core-rrz
    [Tue Aug 13 11:47:11 2013] [error] [client 192.168.2.1] /lib/i386-linux-gnu/i686/cmov/libc.so.6(+0xe92fa)[0xb77052fa], referer: https://Hostname.local/cgi-bin/nagios3/status.cgi?navbarsearch=1&host=core-rrz
    [Tue Aug 13 11:47:11 2013] [error] [client 192.168.2.1] /lib/i386-linux-gnu/i686/cmov/libc.so.6(+0xe8a38)[0xb7704a38], referer: https://Hostname.local/cgi-bin/nagios3/status.cgi?navbarsearch=1&host=core-rrz
    [Tue Aug 13 11:47:11 2013] [error] [client 192.168.2.1] /lib/i386-linux-gnu/i686/cmov/libc.so.6(_IO_default_xsputn+0x9e)[0xb768b47e], referer: https://Hostname.local/cgi-bin/nagios3/status.cgi?navbarsearch=1&host=core-rrz
    [Tue Aug 13 11:47:11 2013] [error] [client 192.168.2.1] /lib/i386-linux-gnu/i686/cmov/libc.so.6(_IO_vfprintf+0xef4)[0xb765c954], referer: https://Hostname.local/cgi-bin/nagios3/status.cgi?navbarsearch=1&host=core-rrz
    [Tue Aug 13 11:47:11 2013] [error] [client 192.168.2.1] /lib/i386-linux-gnu/i686/cmov/libc.so.6(__vsprintf_chk+0xa7)[0xb7704ae7], referer: https://Hostname.local/cgi-bin/nagios3/status.cgi?navbarsearch=1&host=core-rrz
    [Tue Aug 13 11:47:11 2013] [error] [client 192.168.2.1] /lib/i386-linux-gnu/i686/cmov/libc.so.6(__sprintf_chk+0x2d)[0xb7704a2d], referer: https://Hostname.local/cgi-bin/nagios3/status.cgi?navbarsearch=1&host=core-rrz
    [Tue Aug 13 11:47:11 2013] [error] [client 192.168.2.1] /var/www/nagios3/cgi-bin/nagios3/status.cgi(+0x15055)[0xb77be055], referer: https://Hostname.local/cgi-bin/nagios3/status.cgi?navbarsearch=1&host=core-rrz
    [Tue Aug 13 11:47:11 2013] [error] [client 192.168.2.1] ======= Memory map: ========, referer: https://Hostname.local/cgi-bin/nagios3/status.cgi?navbarsearch=1&host=core-rrz
    [Tue Aug 13 11:47:11 2013] [error] [client 192.168.2.1] b75f5000-b7611000 r-xp 00000000 08:01 950287     /lib/i386-linux-gnu/libgcc_s.so.1, referer: https://Hostname.local/cgi-bin/nagios3/status.cgi?navbarsearch=1&host=core-rrz
    [Tue Aug 13 11:47:11 2013] [error] [client 192.168.2.1] b7611000-b7612000 rw-p 0001b000 08:01 950287     /lib/i386-linux-gnu/libgcc_s.so.1, referer: https://Hostname.local/cgi-bin/nagios3/status.cgi?navbarsearch=1&host=core-rrz
    [Tue Aug 13 11:47:11 2013] [error] [client 192.168.2.1] b761b000-b761c000 rw-p 00000000 00:00 0 , referer: https://Hostname.local/cgi-bin/nagios3/status.cgi?navbarsearch=1&host=core-rrz
    [Tue Aug 13 11:47:11 2013] [error] [client 192.168.2.1] b761c000-b7778000 r-xp 00000000 08:01 950718     /lib/i386-linux-gnu/i686/cmov/libc-2.13.so, referer: https://Hostname.local/cgi-bin/nagios3/status.cgi?navbarsearch=1&host=core-rrz
    [Tue Aug 13 11:47:11 2013] [error] [client 192.168.2.1] b7778000-b7779000 ---p 0015c000 08:01 950718     /lib/i386-linux-gnu/i686/cmov/libc-2.13.so, referer: https://Hostname.local/cgi-bin/nagios3/status.cgi?navbarsearch=1&host=core-rrz
    [Tue Aug 13 11:47:11 2013] [error] [client 192.168.2.1] b7779000-b777b000 r--p 0015c000 08:01 950718     /lib/i386-linux-gnu/i686/cmov/libc-2.13.so, referer: https://Hostname.local/cgi-bin/nagios3/status.cgi?navbarsearch=1&host=core-rrz
    [Tue Aug 13 11:47:11 2013] [error] [client 192.168.2.1] b777b000-b777c000 rw-p 0015e000 08:01 950718     /lib/i386-linux-gnu/i686/cmov/libc-2.13.so, referer: https://Hostname.local/cgi-bin/nagios3/status.cgi?navbarsearch=1&host=core-rrz
    [Tue Aug 13 11:47:11 2013] [error] [client 192.168.2.1] b777c000-b777f000 rw-p 00000000 00:00 0 , referer: https://Hostname.local/cgi-bin/nagios3/status.cgi?navbarsearch=1&host=core-rrz
    [Tue Aug 13 11:47:11 2013] [error] [client 192.168.2.1] b7787000-b778a000 rw-p 00000000 00:00 0 , referer: https://Hostname.local/cgi-bin/nagios3/status.cgi?navbarsearch=1&host=core-rrz
    [Tue Aug 13 11:47:11 2013] [error] [client 192.168.2.1] b778a000-b778b000 r-xp 00000000 00:00 0          [vdso], referer: https://Hostname.local/cgi-bin/nagios3/status.cgi?navbarsearch=1&host=core-rrz
    [Tue Aug 13 11:47:11 2013] [error] [client 192.168.2.1] b778b000-b77a7000 r-xp 00000000 08:01 951910     /lib/i386-linux-gnu/ld-2.13.so, referer: https://Hostname.local/cgi-bin/nagios3/status.cgi?navbarsearch=1&host=core-rrz
    [Tue Aug 13 11:47:11 2013] [error] [client 192.168.2.1] b77a7000-b77a8000 r--p 0001b000 08:01 951910     /lib/i386-linux-gnu/ld-2.13.so, referer: https://Hostname.local/cgi-bin/nagios3/status.cgi?navbarsearch=1&host=core-rrz
    [Tue Aug 13 11:47:11 2013] [error] [client 192.168.2.1] b77a8000-b77a9000 rw-p 0001c000 08:01 951910     /lib/i386-linux-gnu/ld-2.13.so, referer: https://Hostname.local/cgi-bin/nagios3/status.cgi?navbarsearch=1&host=core-rrz
    [Tue Aug 13 11:47:11 2013] [error] [client 192.168.2.1] b77a9000-b77f6000 r-xp 00000000 08:01 1828537    /var/www/nagios3/cgi-bin/nagios3/status.cgi, referer: https://Hostname.local/cgi-bin/nagios3/status.cgi?navbarsearch=1&host=core-rrz
    [Tue Aug 13 11:47:11 2013] [error] [client 192.168.2.1] b77f6000-b77f7000 r--p 0004c000 08:01 1828537    /var/www/nagios3/cgi-bin/nagios3/status.cgi, referer: https://Hostname.local/cgi-bin/nagios3/status.cgi?navbarsearch=1&host=core-rrz
    [Tue Aug 13 11:47:11 2013] [error] [client 192.168.2.1] b77f7000-b77f8000 rw-p 0004d000 08:01 1828537    /var/www/nagios3/cgi-bin/nagios3/status.cgi, referer: https://Hostname.local/cgi-bin/nagios3/status.cgi?navbarsearch=1&host=core-rrz
    [Tue Aug 13 11:47:11 2013] [error] [client 192.168.2.1] b77f8000-b77fb000 rw-p 00000000 00:00 0 , referer: https://Hostname.local/cgi-bin/nagios3/status.cgi?navbarsearch=1&host=core-rrz
    [Tue Aug 13 11:47:11 2013] [error] [client 192.168.2.1] b8c5d000-b905b000 rw-p 00000000 00:00 0          [heap], referer: https://Hostname.local/cgi-bin/nagios3/status.cgi?navbarsearch=1&host=core-rrz
    [Tue Aug 13 11:47:11 2013] [error] [client 192.168.2.1] bfc05000-bfc26000 rw-p 00000000 00:00 0          [stack], referer: https://Hostname.local/cgi-bin/nagios3/status.cgi?navbarsearch=1&host=core-rrz 
Linux Debian wheezy (3.2.0-4-686-pae)
nagios 3.4.1-3 (debian)
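
A triage sketch for the crash log above, as an added example that is not part of the original post or of Nagios: it unwraps the Apache error_log prefix, extracts the glibc abort, the backtrace frames and the memory-map entries, and cross-checks the status.cgi frame address against its executable mapping. The function names are assumptions of this example, and the four sample entries are rebuilt from lines in the excerpt.

```python
import re

PRE = "[Tue Aug 13 11:47:11 2013] [error] [client 192.168.2.1] "
SUF = ", referer: https://Hostname.local/cgi-bin/nagios3/status.cgi?navbarsearch=1&host=core-rrz"
CGI = "/var/www/nagios3/cgi-bin/nagios3/status.cgi"
LIBC = "/lib/i386-linux-gnu/i686/cmov/libc.so.6"
# Four entries taken from the excerpt above, re-wrapped in its Apache prefix/suffix.
SAMPLE = [PRE + body + SUF for body in (
    "*** buffer overflow detected ***: " + CGI + " terminated",
    LIBC + "(__sprintf_chk+0x2d)[0xb7704a2d]",
    CGI + "(+0x15055)[0xb77be055]",
    "b77a9000-b77f6000 r-xp 00000000 08:01 1828537    " + CGI,
)]

WRAP = re.compile(r"^\[[^\]]+\] \[error\] \[client ([^\]]+)\] (.*?)(?:, referer: (\S+))?\s*$")
ABORT = re.compile(r"^\*\*\* buffer overflow detected \*\*\*: (\S+) terminated$")
FRAME = re.compile(r"^(/[^(\s]+)\(([^)]*)\)\[0x([0-9a-f]+)\]$")
MAP = re.compile(r"^([0-9a-f]+)-([0-9a-f]+) (\S{4}) ([0-9a-f]+) \S+ \d+\s*(\S*)$")

def triage(lines):
    """Summarise one glibc FORTIFY_SOURCE abort relayed through Apache's error log."""
    out = {"binary": None, "client": None, "referer": None, "frames": [], "maps": []}
    for line in lines:
        w = WRAP.match(line)
        if not w:
            continue
        client, msg = w.group(1), w.group(2).rstrip()
        if (m := ABORT.match(msg)):
            out.update(binary=m.group(1), client=client, referer=w.group(3))
        elif (m := FRAME.match(msg)):
            out["frames"].append((m.group(1), m.group(2), int(m.group(3), 16)))
        elif (m := MAP.match(msg)):
            lo, hi, perm, off, path = m.groups()
            out["maps"].append((int(lo, 16), int(hi, 16), perm, int(off, 16), path))
    return out

def caller_in_binary(report):
    """Return (libc function that aborted, file offset of its call site in the CGI)."""
    frames = report["frames"]
    for i, (mod, sym, addr) in enumerate(frames):
        if mod != report["binary"]:
            continue
        for lo, hi, perm, off, path in report["maps"]:
            if path == mod and "x" in perm and lo <= addr < hi:
                callee = frames[i - 1][1].split("+")[0] if i else None
                return callee, addr - lo + off
    return None
```

The recovered offset agrees with the `+0x15055` that glibc printed for the status.cgi frame, and the frame before it shows the abort came from a fortified `sprintf` call; the referer field records which request was being served.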

Re: Buffer overflow Nagios-core 3.4 on status.cgi

Posted: Tue Aug 13, 2013 9:08 am
by J-B
It is a bug with German "Umlaute" that causes a buffer overflow in status.cgi.

Re: Buffer overflow Nagios-core 3.4 on status.cgi

Posted: Tue Aug 13, 2013 10:38 am
by abrist
This may have been fixed in 3.5.0, as there were a number of internationalization issues fixed for 3.5.0. I would suggest upgrading and then testing again. If the issue is not resolved in the latest release, submit a bug on the tracker: http://tracker.nagios.org