A stack-based buffer overflow vulnerability was discovered in the way check_snmp parses the output of the snmpget command. A long reply from a malicious SNMP server may cause check_snmp to crash or possibly execute code. The problem is reported here: https://sourceforge.net/tracker/?func=detail&atid=397597&aid=1815362&group_id=29880 SF.net contains a patch proposed by the reporter, but it has not yet been accepted into upstream CVS/SVN.
Needs fixing also in F8 and devel. Ping on this.
nagios-plugins-1.4.8-9.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
Mike: Thanks for the package. Reopening this to track fixing in Fedora 8.
nagios-plugins-1.4.8-9.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
Could we also get epel4/epel5 updates please? Let me know when you have built them and I can push to stable for them...
Sorry guys, this one slipped through the cracks, it's long been fixed in epel as well.