'Re: [oss-security] Re-emergence of CVE-2008-4796 in Nagios current'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] Re-emergence of CVE-2008-4796 in Nagios current
From:       David Jorm <djorm () redhat ! com>
Date:       2013-04-30 23:28:28
Message-ID: 1762732498.4418861.1367364508771.JavaMail.root () redhat ! com
[Download RAW message or body]

> CVE-2008-4796 snoopy: command execution via shell metacharacters
> 
> Was found in Nagios core by Grant Murphy.
> 
> Filed upstream: http://tracker.nagios.org/view.php?id=449
> 
> We really need to start thinking about ways to find vulnerable copies
> of code and fixing them everywhere people have embedded them.

Debian uses clonewise:

https://github.com/silviocesare/Clonewise

It is the best solution I've seen so far. It's been on my TODO list forever and a day to get it running for Fedora.

David
[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic