CVE-2006-2489

Integer overflow in CGI scripts in Nagios 1.x before 1.4.1 and 2.x before 2.3.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a content length (Content-Length) HTTP header. NOTE: this is a different vulnerability than CVE-2006-2162.

Affected Software

Name	Vendor	Start Version	End Version
Nagios	Nagios	1.0 (including)	1.0 (including)
Nagios	Nagios	1.0b1 (including)	1.0b1 (including)
Nagios	Nagios	1.0b2 (including)	1.0b2 (including)
Nagios	Nagios	1.0b3 (including)	1.0b3 (including)
Nagios	Nagios	1.0b4 (including)	1.0b4 (including)
Nagios	Nagios	1.0b5 (including)	1.0b5 (including)
Nagios	Nagios	1.0b6 (including)	1.0b6 (including)
Nagios	Nagios	1.1 (including)	1.1 (including)
Nagios	Nagios	1.2 (including)	1.2 (including)
Nagios	Nagios	1.3 (including)	1.3 (including)
Nagios	Nagios	1.4 (including)	1.4 (including)
Nagios	Nagios	2.0 (including)	2.0 (including)
Nagios	Nagios	2.0b1 (including)	2.0b1 (including)
Nagios	Nagios	2.0b2 (including)	2.0b2 (including)
Nagios	Nagios	2.0b3 (including)	2.0b3 (including)
Nagios	Nagios	2.0b4 (including)	2.0b4 (including)
Nagios	Nagios	2.0b5 (including)	2.0b5 (including)
Nagios	Nagios	2.0b6 (including)	2.0b6 (including)
Nagios	Nagios	2.0rc1 (including)	2.0rc1 (including)
Nagios	Nagios	2.0rc2 (including)	2.0rc2 (including)
Nagios	Nagios	2.1 (including)	2.1 (including)
Nagios	Nagios	2.2 (including)	2.2 (including)
Nagios	Nagios	2.3 (including)	2.3 (including)
Nagios	Ubuntu	dapper	*
Nagios	Ubuntu	devel	*
Nagios	Ubuntu	edgy	*
Nagios	Ubuntu	feisty	*
Nagios2	Ubuntu	devel	*
Nagios2	Ubuntu	edgy	*
Nagios2	Ubuntu	feisty	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2006-2489
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html

Affected Software

References