Denial of Service Vulnerability in Nagios

Anyone have any comments on this? NRPE doesn't use much other than
standard socket functions (listen(), accept(), send(), etc.), so I'm
not sure what I could do other than tell people to run NRPE under
inetd/xinetd...



------- Forwarded message follows -------
Subject: Denial of Service Vulnerability in Nagios
Date sent: Fri, 18 Jul 2003 09:18:07 -0700
From: "Scott Behm"
To: ,
Copies to: "Gerhard Eschelbeck" ,
"support-team"


Nagios Security Team,

Qualys has identified a denial of service vulnerability in Nagios
Remote Plugin Executor v1.5 – 1.8, which has adversely affected our
common customers. Enclosed is a draft copy of the Qualys Security
Advisory. Please review and provide us with the following
information:

o Issue Resolution -- If Nagios is able to resolve the issue, please
provide resolution details. Our common customers will be notified
and Qualys Security Advisory QSA-2003-07-17 will not be required.

o Tracking Number -- If Nagios has a fix in process, please provide
a tracking number that can be shared with our common customers.

o Comments – If Nagios is unable to fix the issue, please provide
comments, work-around or other input to be included in the Comments
Section of Qualys Security Advisory QSA-2003-07.17.

Please contact me at your earliest convenience. I look forward to
hearing from you soon.

Sincerely,

Scott Behm
Scanner Program Manager
Qualys, Inc.
(650)801-6132
[email protected]


------- End of forwarded message -------

Ethan Galstad,
Nagios Developer
---
Email: [email protected]
Website: http://www.nagios.org






This post was automatically imported from historical nagios-devel mailing list archives
Original poster: [email protected]