[Nagios-announce] Nagios Plugins 2.0.2 Released


#1

The Nagios Plugins Development Team is proud to announce that nagios-plugins 2.0.2 has been released and is available for download (http://nagios-plugins.org/downloads/).

This release was prompted a bit earlier than originally expected by a newly discovered security vulnerability reported by Dawid Golunski on exploit-db (http://www.exploit-db.com/exploits/33387/). It concerned an arbitrary file access vulnerability with the SUID binaries (check_icmp,
check_dhcp) and the extra-opts configure flag (which is enabled by default). Fixes were applied globally, so the new restrictions on fopen should apply to all plugins.

Additionally, a few plugins were updated to successfully build on windows under cygwin, and some small changes were made to plugin output and verbosity.

A full list of included enhancements and fixes are listed below:

SECURITY FIXES

 Fixed file access vulnerability with SUID binaries (check_icmp,

check_dhcp) and extra-opts. Fixes were applied globally, so the new resrictions on fopen should apply to all plugins. Special thanks to Dawid Golunski for the submission. More information:
http://www.exploit-db.com/exploits/33387/ (sreinhardt) (emislivec)

ENHANCEMENTS

 check_disk – Now compiles in cygwin on windows (Gunnar Beutner)
 check_ping – Now compiles in cygwin on windows (Gunnar Beutner)
 check_users – Now compiles in cygwin on windows (Gunnar Beutner)
 netutils.c – Connection error verbosity increased. C plugins will now differentiate file socket errors from connection errors (Davide

Madrisan)

FIXES

 check_nt.c – Changed ‘Mb’ to ‘MB’ in MEMUSE output for clarity (abrist)


Andy Brist
Nagios Plugins Development Team Lead
Technical Support Team


Nagios Enterprises, LLC
Office: (888)NAGIOS-1
Intl: (651)204-9102
Fax: (651)204-9103
Email: [email protected]
Web: http://www.nagios.com


Nagios-announce mailing list
[email protected]
http://lists.nagios.com/mailman/listinfo/nagios-announce