[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] Re-emergence of CVE-2008-4796 in Nagios current
From: David Jorm <djorm () redhat ! com>
Date: 2013-04-30 23:28:28
Message-ID: 1762732498.4418861.1367364508771.JavaMail.root () redhat ! com
[Download RAW message or body]
> CVE-2008-4796 snoopy: command execution via shell metacharacters
>
> Was found in Nagios core by Grant Murphy.
>
> Filed upstream: http://tracker.nagios.org/view.php?id=449
>
> We really need to start thinking about ways to find vulnerable copies
> of code and fixing them everywhere people have embedded them.
Debian uses clonewise:
https://github.com/silviocesare/Clonewise
It is the best solution I've seen so far. It's been on my TODO list forever and a day to get it running for Fedora.
David
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic