[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] CVE-2013-2029: Nagios RPM nagios.upgrade_to_v3.sh
From:       Kurt Seifried <kseifried () redhat ! com>
Date:       2013-04-30 20:34:40
Message-ID: 51802AE0.60502 () redhat ! com
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This was found by Grant Murphy

So most Nagios RPM files seem to include a copy of
"nagios.upgrade_to_v3.sh" which contains the following code:

 tmp1=/tmp/nagioscfg.$$.tmp
...
cat $nagios_cfg | sed --regexp-extended
"s/^(\s*check_result_buffer_slots\s*=\s*)/# Line Commented out for
Nagios v3 Compatibility\n#\1/g" > $tmp1
...
diff_output=`diff -u $nagios_cfg $tmp1`
...
   mv $tmp1 $nagios_cfg

Oops.

Covered in https://bugzilla.redhat.com/show_bug.cgi?id=958015

Please use CVE-2013-2029 for this issue.


- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJRgCrgAAoJEBYNRVNeJnmTAsMQAL0d2qJCKO24AP15MT7Au4I7
71VGuuUs2qcfrKBgCBkC+zIOn50e8P+k/MSTXcfbbSlzfr/LFGF4FJfEAEM9vnlv
QJ++YJwDdSiqznwAPJEF3fXj2kflkAAqd8mPTLHBMh6Ow33e6vmBzl0JBcd8W96A
mKlx5dX/7ICCxzNWBZxIP31FaBwvaLGOkbe5cFtBr6LYH2KEmlHCEg6NgFi3BCZJ
a61d3WgoUjEd1M0H10sbM+di1VJFKgzgpXOkNW93b+XjPLan0Dmvc/9wAAWq0NMX
E+tKMUxQc8Pwbpu/QhUs34gFvh2myMhUeLlvW39ccpaWclfqkn7pMeWPJKmYE4Ew
FcSl8SOm4HVK1I1II2w/NCnpsqO/XgAEtAVaG0622jzUICZhf6c7NYoxoO5/kPjO
WK4T3vUPcSkrR2xTYJb3uKkEiKOo80uDGS4MHwVwhsz93oX2T15RP+2yGDwePPPs
NdfzRVUPiLFz1BHECvF7D58HXb056nbexlj8GYt0NKkipi0YHraMu+dprumX4YEk
2H9RXaGGLEc4s7XCurOqF8L2TnOmvbFnOS62oCYm0rrdGtxKhhv+MEm/yJBbsWLi
4kO1V23IVl4TuUVBri4wzeVBMBCxJPaABN1D30TaXwBAy0eTGzxM60hWacVeyrBP
SljhlBPyI9nTtM5TMcMQ
=8bFP
-----END PGP SIGNATURE-----
[prev in list] [next in list] [prev in thread] [next in thread]