Package: nsca
Version: 2.9.1-2
Severity: important

Dear Maintainer,

While looking through the source of send_nsca.c I noticed there is a major bug in the loop that reads in data from stdin. An attacker could cause a buffer overflow in send_nsca by sending a payload larger than 5120 bytes with no occurrences of 0x17. The patch included simply records the event and prevents the buffer overflow from occurring by truncating the payload.

Best regards,
Xiwen

Patch:

>From 06cd6b58b2d1488fbf64cd5f15f20df57e39a852 Mon Sep 17 00:00:00 2001 From: Xiwen Cheng <xiwen.ch...@mendix.com> Date: Mon, 20 Aug 2012 23:05:06 +0200 Subject: [PATCH] Fix potential buffer overflow --- src/send_nsca.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/send_nsca.c b/src/send_nsca.c index d44e7c1..07c5196 100644 --- a/src/send_nsca.c +++ b/src/send_nsca.c @@ -204,7 +204,11 @@ int main(int argc, char **argv){ input_buffer[pos] = c; c = getc(stdin); pos++; + if(pos>=MAX_INPUT_BUFFER-1){ + printf("Warning: packet[%d] truncated to %d bytes.\n",total_packets, MAX_INPUT_BUFFER); + break; } + } input_buffer[pos] = 0; strip(input_buffer); -- 1.7.10.4

-- System Information:
Debian Release: wheezy/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages nsca depends on:
ii confget 1.03-1
ii debconf [debconf-2.0] 1.5.44
ii libc6 2.13-33
ii libmcrypt4 2.5.8-3.1
ii nsca-client 2.9.1-2

nsca recommends no packages.

Versions of packages nsca suggests:
ii nagios-plugins-basic 1.4.16-1
pn nagios3 <none>

-- debconf information excluded
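
Review bot: the added `if(pos>=MAX_INPUT_BUFFER-1)` branch in the src/send_nsca.c hunk breaks out with the rest of the oversized input still unread on stdin, and with the byte just fetched by `c = getc(stdin);` not yet stored. The hunk does not show what the enclosing code does next, so it is worth confirming that this tail is not picked up as the start of a new packet; consuming input up to the next 0x17 separator mentioned in the report, or EOF, before the `break` would make the truncation clean. The warning also reports truncation to MAX_INPUT_BUFFER bytes while the check stops at MAX_INPUT_BUFFER-1, and it is written to stdout with `printf`; printing the actual limit to stderr would keep it out of any output a caller parses.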