[v2.5] Vulnerability in nagios < 3.4.4 allows remote code execution
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6096
Solution:
- Upgrade to 3.4.4 (edge, v2.5)
- Patches: (v2.4 and below)
http://nagios.svn.sourceforge.net/viewvc/nagios/nagioscore/trunk/cgi/getcgi.c?view=patch&r1=2547&r2=2546&pathrev=2547
http://nagios.svn.sourceforge.net/viewvc/nagios/nagioscore/trunk/cgi/history.c?view=patch&r1=2547&r2=2546&pathrev=2547
(from redmine: issue id 1700, created on 2013-03-19, closed on 2013-04-17)
- Changesets:
- Revision f862722c by Natanael Copa on 2013-04-12T08:56:00Z:
main/nagios: security upgrade to 3.4.4 (CVE-2012-6096)
fixes #1700
- Revision 91fdc7ad by Natanael Copa on 2014-04-17T11:20:04Z:
main/nagios: security upgrade to 3.4.4 (CVE-2012-6096)
ref #1700
(cherry picked from commit f862722c0f274948d520a9db535580aacaa86f65)