Debdiff for Intrepid SRU
nagios-plugins (1.4.11-2ubuntu2.1) intrepid-proposed; urgency=low
* Added 99_check_ntp_segfaults.dpatch: Fix for check_ntp and check_ntp_peer
segfaults (LP: #291265)
** Attachment added: "nagios-plugins_1.4.11-2ubuntu2.1.debdiff"
http://launchpadlibrarian.net/
SRU report
Bug impact: Make Nagios ntp_check and ntp_check_peer plugins unusable
under Intrepid. This is a regression, as this didn't trigger any error
on previous releases.
Jaunty bugfix: fixed released in 1.4.12-4ubuntu2
Minimal patch: see below.
TEST CASE:
$ sudo apt-get install nagios-plugi
Thank you for the job, mantainers and developers!
--
Buffer overflow in check_ntp_peer - Nagios can't check time servers in Intrepid
https://bugs.launchpad.net/bugs/291265
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to nagios-plugins in u
This bug was fixed in the package nagios-plugins - 1.4.12-4ubuntu2
---
nagios-plugins (1.4.12-4ubuntu2) jaunty; urgency=low
* Added 99_check_ntp_segfaults.dpatch: Fix for check_ntp and check_ntp_peer
segfaults (LP: #291265)
-- Thierry Carrez <[EMAIL PROTECTED]> Wed, 19 Nov 2
Debdiff to fix this in the current development release
nagios-plugins (1.4.12-4ubuntu2) jaunty; urgency=low
* Added 99_check_ntp_segfaults.dpatch: Fix for check_ntp and check_ntp_peer
segfaults (LP: #291265)
** Attachment added: "nagios-plugins_1.4.12-4ubuntu2.debdiff"
http://launchpad
Fix is in SVN r2086:
http://nagiosplug.svn.sourceforge.net/viewvc/nagiosplug?view=rev&revision=2086
** Changed in: nagios-plugins (Ubuntu)
Assignee: (unassigned) => Thierry Carrez (tcarrez)
Status: Confirmed => In Progress
--
Buffer overflow in check_ntp_peer - Nagios can't check tim
Thanks Jamie, this will be fixed soon in SVN. See the sourceforge
tracker (Comment #2) for more details and updates.
FYI this bug is present in all version of check_ntp (in "plugins/" only)
and check_ntp_peer (from which the code was taken), it's just that for
some reasons it doesn't get triggered
I looked at this a bit, and the math seems to be wrong in this line:
#define SIZEOF_NTPCM(m) (12+ntohs(m.count)+((m.count)?4-(ntohs(m.count)%4):0))
In ntp_request we have (where MAX_CM_SIZE is defined as 468):
req.count=htons(MAX_CM_SIZE);
Which makes req.count = 54273. Later, we have:
if(read(co
It fails on line 264 on
if(read(conn, &req, SIZEOF_NTPCM(req)) == -1)
Upstream bug is:
http://sourceforge.net/tracker/?func=detail&atid=397597&aid=1999319&group_id=29880
It's closed by saying the bug is in _FORTIFY_SOURCE, as the author
checked that the "read" call should not exceed allocated val
Confirmed, something gets caught by the stack smashing police.
Regression in intrepid, as it was working well in hardy.
** Changed in: nagios-plugins (Ubuntu)
Importance: Undecided => High
Status: New => Confirmed
--
Buffer overflow in check_ntp_peer - Nagios can't check time servers i
10 matches
Mail list logo
