Nobuhiro Ban discovered that check_http in nagios-plugins did not properly sanitize its input when following redirection requests. A malicious remote web server could cause a denial of service or possibly execute arbitrary code as the user. (CVE-2007-5198)
Aravind Gottipati discovered that sslutils.c in nagios-plugins did not properly reset pointers to NULL. A malicious remote web server could cause a denial of service.
22 October 2007
A security issue affects these releases of Ubuntu and its derivatives:
Nobuhiro Ban discovered that check_http in nagios-plugins did not properly sanitize its input when following redirection requests. A malicious remote web server could cause a denial of service or possibly execute arbitrary code as the user. (CVE-2007-5198)
Aravind Gottipati discovered that sslutils.c in nagios-plugins did not properly reset pointers to NULL. A malicious remote web server could cause a denial of service.
Aravind Gottipati discovered that check_http in nagios-plugins did not properly calculate how much memory to reallocate when following redirection requests. A malicious remote web server could cause a denial of service.
The problem can be corrected by updating your system to the following package versions:
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system upgrade is sufficient to effect the necessary changes.
Vulmon