svn commit: r339690 - in branches/2014Q1: net-mgmt/nagios net-mgmt/nagios/files security/vuxml
Mathieu Arnold
mat at FreeBSD.org
Tue Jan 14 15:11:39 UTC 2014
Author: mat
Date: Tue Jan 14 15:11:38 2014
New Revision: 339690
URL: http://svnweb.freebsd.org/changeset/ports/339690
Log:
MFH: r339686, r339689
* Add a patch from upstream fixing a cgi vulnerability
Poked by: ohauer
Security: CVE-2013-7108 CVE-2013-7205
Added:
branches/2014Q1/net-mgmt/nagios/files/patch-d97e03f32741a7d851826b03ed73ff4c9612a866
- copied unchanged from r339689, head/net-mgmt/nagios/files/patch-d97e03f32741a7d851826b03ed73ff4c9612a866
Modified:
branches/2014Q1/net-mgmt/nagios/Makefile
branches/2014Q1/security/vuxml/vuln.xml
Directory Properties:
branches/2014Q1/ (props changed)
Modified: branches/2014Q1/net-mgmt/nagios/Makefile
==============================================================================
--- branches/2014Q1/net-mgmt/nagios/Makefile Tue Jan 14 14:23:36 2014 (r339689)
+++ branches/2014Q1/net-mgmt/nagios/Makefile Tue Jan 14 15:11:38 2014 (r339690)
@@ -3,6 +3,7 @@
PORTNAME= nagios
PORTVERSION= 3.5.1
+PORTREVISION= 3
CATEGORIES= net-mgmt
MASTER_SITES= SF/${PORTNAME}/${PORTNAME}-3.x/${PORTNAME}-${PORTVERSION}
@@ -97,7 +98,7 @@ post-extract:
.include <bsd.port.options.mk>
post-patch:
- @${REINPLACE_CMD} -e '/^INSTALL_OPTS=/d' `${FIND} ${WRKSRC} -name Makefile.in`
+ @${REINPLACE_CMD} -e '/^INSTALL_OPTS=/d;/^COMMAND_OPTS=/d' `${FIND} ${WRKSRC} -name Makefile.in`
.if ${PORT_OPTIONS:MUNHANDLED_HACK}
@${REINPLACE_CMD} -e 's#;serviceprops=42\&#;serviceprops=10\&#g' \
-e 's#;hostprops=42\"#;hostprops=10\"#g' ${WRKSRC}/html/side.php
Copied: branches/2014Q1/net-mgmt/nagios/files/patch-d97e03f32741a7d851826b03ed73ff4c9612a866 (from r339689, head/net-mgmt/nagios/files/patch-d97e03f32741a7d851826b03ed73ff4c9612a866)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ branches/2014Q1/net-mgmt/nagios/files/patch-d97e03f32741a7d851826b03ed73ff4c9612a866 Tue Jan 14 15:11:38 2014 (r339690, copy of r339689, head/net-mgmt/nagios/files/patch-d97e03f32741a7d851826b03ed73ff4c9612a866)
@@ -0,0 +1,175 @@
+commit d97e03f32741a7d851826b03ed73ff4c9612a866
+Author: Eric Stanley <estanley at nagios.com>
+Date: 2013-12-20 13:14:30 -0600
+
+ CGIs: Fixed minor vulnerability where a custom query could crash the CGI.
+
+ Most CGIs previously incremented the input variable counter twice when
+ it encountered a long key value. This could cause the CGI to read past
+ the end of the list of CGI variables. This commit removes the second
+ increment, removing the possibility of reading past the end of the list
+ of CGI variables.
+
+diff --git ./cgi/avail.c ./cgi/avail.c
+index 76afd86..64eaadc 100644
+--- ./cgi/avail.c
++++ ./cgi/avail.c
+@@ -1096,7 +1096,6 @@ int process_cgivars(void) {
+
+ /* do some basic length checking on the variable identifier to prevent buffer overflows */
+ if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
+- x++;
+ continue;
+ }
+
+diff --git ./cgi/cmd.c ./cgi/cmd.c
+index fa6cf5a..50504eb 100644
+--- ./cgi/cmd.c
++++ ./cgi/cmd.c
+@@ -311,7 +311,6 @@ int process_cgivars(void) {
+
+ /* do some basic length checking on the variable identifier to prevent buffer overflows */
+ if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
+- x++;
+ continue;
+ }
+
+diff --git ./cgi/config.c ./cgi/config.c
+index f061b0f..3360e70 100644
+--- ./cgi/config.c
++++ ./cgi/config.c
+@@ -344,7 +344,6 @@ int process_cgivars(void) {
+
+ /* do some basic length checking on the variable identifier to prevent buffer overflows */
+ if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
+- x++;
+ continue;
+ }
+
+diff --git ./cgi/extinfo.c ./cgi/extinfo.c
+index 62a1b18..5113df4 100644
+--- ./cgi/extinfo.c
++++ ./cgi/extinfo.c
+@@ -591,7 +591,6 @@ int process_cgivars(void) {
+
+ /* do some basic length checking on the variable identifier to prevent buffer overflows */
+ if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
+- x++;
+ continue;
+ }
+
+diff --git ./cgi/histogram.c ./cgi/histogram.c
+index 4616541..f6934d0 100644
+--- ./cgi/histogram.c
++++ ./cgi/histogram.c
+@@ -1060,7 +1060,6 @@ int process_cgivars(void) {
+
+ /* do some basic length checking on the variable identifier to prevent buffer overflows */
+ if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
+- x++;
+ continue;
+ }
+
+diff --git ./cgi/notifications.c ./cgi/notifications.c
+index 8ba11c1..461ae84 100644
+--- ./cgi/notifications.c
++++ ./cgi/notifications.c
+@@ -327,7 +327,6 @@ int process_cgivars(void) {
+
+ /* do some basic length checking on the variable identifier to prevent buffer overflows */
+ if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
+- x++;
+ continue;
+ }
+
+diff --git ./cgi/outages.c ./cgi/outages.c
+index 426ede6..cb58dee 100644
+--- ./cgi/outages.c
++++ ./cgi/outages.c
+@@ -225,7 +225,6 @@ int process_cgivars(void) {
+
+ /* do some basic length checking on the variable identifier to prevent buffer overflows */
+ if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
+- x++;
+ continue;
+ }
+
+diff --git ./cgi/status.c ./cgi/status.c
+index 3253340..4ec1c92 100644
+--- ./cgi/status.c
++++ ./cgi/status.c
+@@ -567,7 +567,6 @@ int process_cgivars(void) {
+
+ /* do some basic length checking on the variable identifier to prevent buffer overflows */
+ if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
+- x++;
+ continue;
+ }
+
+diff --git ./cgi/statusmap.c ./cgi/statusmap.c
+index ea48368..2580ae5 100644
+--- ./cgi/statusmap.c
++++ ./cgi/statusmap.c
+@@ -400,7 +400,6 @@ int process_cgivars(void) {
+
+ /* do some basic length checking on the variable identifier to prevent buffer overflows */
+ if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
+- x++;
+ continue;
+ }
+
+diff --git ./cgi/statuswml.c ./cgi/statuswml.c
+index bd8cea2..d25abef 100644
+--- ./cgi/statuswml.c
++++ ./cgi/statuswml.c
+@@ -226,8 +226,13 @@ int process_cgivars(void) {
+
+ for(x = 0; variables[x] != NULL; x++) {
+
++ /* do some basic length checking on the variable identifier to prevent buffer overflows */
++ if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
++ continue;
++ }
++
+ /* we found the hostgroup argument */
+- if(!strcmp(variables[x], "hostgroup")) {
++ else if(!strcmp(variables[x], "hostgroup")) {
+ display_type = DISPLAY_HOSTGROUP;
+ x++;
+ if(variables[x] == NULL) {
+diff --git ./cgi/summary.c ./cgi/summary.c
+index 126ce5e..749a02c 100644
+--- ./cgi/summary.c
++++ ./cgi/summary.c
+@@ -725,7 +725,6 @@ int process_cgivars(void) {
+
+ /* do some basic length checking on the variable identifier to prevent buffer overflows */
+ if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
+- x++;
+ continue;
+ }
+
+diff --git ./cgi/trends.c ./cgi/trends.c
+index b35c18e..895db01 100644
+--- ./cgi/trends.c
++++ ./cgi/trends.c
+@@ -1263,7 +1263,6 @@ int process_cgivars(void) {
+
+ /* do some basic length checking on the variable identifier to prevent buffer overflows */
+ if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
+- x++;
+ continue;
+ }
+
+diff --git ./contrib/daemonchk.c ./contrib/daemonchk.c
+index 78716e5..9bb6c4b 100644
+--- ./contrib/daemonchk.c
++++ ./contrib/daemonchk.c
+@@ -174,7 +174,6 @@ static int process_cgivars(void) {
+
+ /* do some basic length checking on the variable identifier to prevent buffer overflows */
+ if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) {
+- x++;
+ continue;
+ }
+ }
Modified: branches/2014Q1/security/vuxml/vuln.xml
==============================================================================
--- branches/2014Q1/security/vuxml/vuln.xml Tue Jan 14 14:23:36 2014 (r339689)
+++ branches/2014Q1/security/vuxml/vuln.xml Tue Jan 14 15:11:38 2014 (r339690)
@@ -51,6 +51,36 @@ Note: Please add new entries to the beg
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="ba04a373-7d20-11e3-8992-00132034b086">
+ <topic>nagios -- denial of service vulnerability</topic>
+ <affects>
+ <package>
+ <name>nagios</name>
+ <range><lt>3.5.1_3</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Eric Stanley reports:</p>
+ <blockquote cite="http://sourceforge.net/p/nagios/nagioscore/ci/d97e03f32741a7d851826b03ed73ff4c9612a866/">
+ <p>Most CGIs previously incremented the input variable counter twice
+ when it encountered a long key value. This could cause the CGI to
+ read past the end of the list of CGI variables.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2013-7108</cvename>
+ <cvename>CVE-2013-7205</cvename>
+ <url>http://sourceforge.net/p/nagios/nagioscore/ci/d97e03f32741a7d851826b03ed73ff4c9612a866/</url>
+ <url>https://bugzilla.redhat.com/show_bug.cgi?id=1046113</url>
+ </references>
+ <dates>
+ <discovery>2013-12-20</discovery>
+ <entry>2014-01-14</entry>
+ </dates>
+ </vuln>
+
<vuln vid="cb252f01-7c43-11e3-b0a6-005056a37f68">
<topic>bind -- denial of service vulnerability</topic>
<affects>
More information about the svn-ports-all
mailing list