Nagios Plugins 2.0.2 Released!
Posted: Tue May 20, 2014 5:15 pm
The Nagios Plugins Development Team is proud to announce that nagios-plugins 2.0.2 has been released and is available for download.
This release was prompted a bit earlier than originally expected by a newly discovered security vulnerability reported by Dawid Golunski on exploit-db. It concerned an arbitrary file access vulnerability with the SUID binaries (check_icmp, check_dhcp) and the extra-opts configure flag (which is enabled by default). Fixes were applied globally, so the new restrictions on fopen should apply to all plugins.
Additionally, a few plugins were updated to successfully build on windows under cygwin, and some small changes were made to plugin output and verbosity.
A full list of included enhancements and fixes are listed below:
SECURITY FIXES
Fixed file access vulnerability with SUID binaries (check_icmp, check_dhcp) and extra-opts. Fixes were applied globally, so the new resrictions on fopen should apply to all plugins. Special thanks to Dawid Golunski for the submission. More information: http://www.exploit-db.com/exploits/33387/ (sreinhardt) (emislivec)
ENHANCEMENTS
check_disk – Now compiles in cygwin on windows (Gunnar Beutner)
check_ping – Now compiles in cygwin on windows (Gunnar Beutner)
check_users – Now compiles in cygwin on windows (Gunnar Beutner)
netutils.c – Connection error verbosity increased. C plugins will now differentiate file socket errors from connection errors (Davide Madrisan)
FIXES
check_nt.c – Changed ‘Mb’ to ‘MB’ in MEMUSE output for clarity (abrist)
This release was prompted a bit earlier than originally expected by a newly discovered security vulnerability reported by Dawid Golunski on exploit-db. It concerned an arbitrary file access vulnerability with the SUID binaries (check_icmp, check_dhcp) and the extra-opts configure flag (which is enabled by default). Fixes were applied globally, so the new restrictions on fopen should apply to all plugins.
Additionally, a few plugins were updated to successfully build on windows under cygwin, and some small changes were made to plugin output and verbosity.
A full list of included enhancements and fixes are listed below:
SECURITY FIXES
Fixed file access vulnerability with SUID binaries (check_icmp, check_dhcp) and extra-opts. Fixes were applied globally, so the new resrictions on fopen should apply to all plugins. Special thanks to Dawid Golunski for the submission. More information: http://www.exploit-db.com/exploits/33387/ (sreinhardt) (emislivec)
ENHANCEMENTS
check_disk – Now compiles in cygwin on windows (Gunnar Beutner)
check_ping – Now compiles in cygwin on windows (Gunnar Beutner)
check_users – Now compiles in cygwin on windows (Gunnar Beutner)
netutils.c – Connection error verbosity increased. C plugins will now differentiate file socket errors from connection errors (Davide Madrisan)
FIXES
check_nt.c – Changed ‘Mb’ to ‘MB’ in MEMUSE output for clarity (abrist)