From: Russell S. <ru...@qu...> - 2002-08-09 14:36:54
As some of you may have read, there is a new security exploit that has been discovered in Sun's XDR library.

Overview

There is an integer overflow present in the xdr_array() function distributed as part of the Sun Microsystems XDR library. This overflow has been shown to lead to remotely exploitable buffer overflows in multiple applications, leading to the execution of arbitrary code. Although the library was originally distributed by Sun Microsystems, multiple vendors have included the vulnerable code in their own implementations.

Please go to http://www.cert.org/advisories/CA-2002-25.html for all the details.

What I need to know is, does this affect Nagios at all? The Sun XDR libraries are included in at least libc, glibc (Linux), and libnsl (Solaris). I don't know if there is anything in the Nagios code that uses XDR (according to one of my bosses, almost everything uses XDR), but it should be looked into.

Please, if you have any information, email the list back. Ethan, if you know one way or the other (if this affects Nagios or not), can you please send out an email so we all know.

Thanks.

-Russell Scibetti

--
Russell Scibetti
Quadrix Solutions, Inc.
http://www.quadrix.com
(732) 235-2335, ext. 7038
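The class of bug named in the overview above, shown as an added example that is not part of the original post and is not Sun's xdr_array() code: a simplified model of a 32-bit "element count times element size" calculation, first unchecked and then with the guard that rejects a wrapping product. The function names and sample values are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Unchecked pattern (hypothetical helper): the product is computed in
 * 32 bits and can wrap, so a caller would allocate far fewer bytes
 * than `count` elements actually need. */
static uint32_t alloc_size_unchecked(uint32_t count, uint32_t elsize)
{
    return count * elsize;
}

/* Checked pattern (hypothetical helper): reject counts above the
 * caller's limit and any count whose product with elsize does not fit
 * in 32 bits. Returns 0 and stores the size in *out on success,
 * -1 on rejection. */
static int alloc_size_checked(uint32_t count, uint32_t elsize,
                              uint32_t maxcount, uint32_t *out)
{
    if (count > maxcount)
        return -1;
    if (elsize != 0 && count > UINT32_MAX / elsize)
        return -1;
    *out = count * elsize;
    return 0;
}

int main(void)
{
    /* Constructed values: a peer-supplied element count and an
     * 8-byte element. 0x20000001 * 8 = 0x100000008, which wraps. */
    uint32_t count = 0x20000001u, elsize = 8, size = 0;

    printf("unchecked size: %u bytes for %u elements\n",
           (unsigned)alloc_size_unchecked(count, elsize), (unsigned)count);
    printf("checked: %s\n",
           alloc_size_checked(count, elsize, UINT32_MAX, &size) == 0
               ? "accepted" : "rejected");
    return 0;
}
```

The second test in `alloc_size_checked` is the one that matters here: an upper bound on the count alone does not help when the bound itself is large enough for the multiplication to wrap.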