Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.5
CVE Id: CVE-2006-2489
Last Modified: 07 Mar 2011 09:36:17
Published: 19 May 2006 07:02:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2006-2489

Summary

Integer overflow in CGI scripts in Nagios 1.x before 1.4.1 and 2.x before 2.3.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a content length (Content-Length) HTTP header. NOTE: this is a different vulnerability than CVE-2006-2162.

Vulnerable Systems

Application

  • Nagios 1.0

  • Nagios 1.0b1

  • Nagios 1.0b2

  • Nagios 1.0b3

  • Nagios 1.0b4

  • Nagios 1.0b5

  • Nagios 1.0b6

  • Nagios 1.1

  • Nagios 1.2

  • Nagios 1.3

  • Nagios 1.4

  • Nagios 2.0

  • Nagios 2.0b1

  • Nagios 2.0b2

  • Nagios 2.0b3

  • Nagios 2.0b4

  • Nagios 2.0b5

  • Nagios 2.0b6

  • Nagios 2.0rc1

  • Nagios 2.0rc2

  • Nagios 2.1

  • Nagios 2.2

  • Nagios 2.3


References

SECUNIA - 20123

VUPEN - ADV-2006-1822

CONFIRM - http://www.nagios.org/development/changelog.php

XF - nagios-contentlength-overflow(26454)

UBUNTU - USN-287-1

BID - 18059

GENTOO - GLSA-200605-07

DEBIAN - DSA-1072

SECUNIA - 20313

SECUNIA - 20247


Last Updated: 27 May 2016 10:42:29