[Bug 758086] New: check_ntp_peer buffer overflow
https://bugzilla.novell.com/show_bug.cgi?id=758086

https://bugzilla.novell.com/show_bug.cgi?id=758086#c0

           Summary: check_ntp_peer buffer overflow
    Classification: openSUSE
           Product: openSUSE 11.4
           Version: Final
          Platform: x86-64
        OS/Version: SLES 11
            Status: NEW
          Severity: Critical
          Priority: P5 - None
         Component: Other
        AssignedTo: bnc-team-screening@forge.provo.novell.com
        ReportedBy: kyle@lodge.glasgownet.com
         QAContact: qa-bugs@suse.de
          Found By: ---
           Blocker: ---

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.162 Safari/535.19

check_ntp_peer suffers from a buffer overflow that has already been fixed upstream. The bug is still present in SLES 11.1 however.

Reproducible: Always

Steps to Reproduce:
WMSR0007:/etc/nagios # /usr/lib/nagios/plugins/check_ntp_peer -H 10.240.64.39 -w 2 -c 3
*** buffer overflow detected ***: /usr/lib/nagios/plugins/check_ntp_peer terminated
======= Backtrace: =========
/lib64/libc.so.6(__fortify_fail+0x37)[0x7f0c02a46677]
/lib64/libc.so.6(+0xe9310)[0x7f0c02a44310]
/lib64/libc.so.6(__read_chk+0x28)[0x7f0c02a44888]
/usr/lib/nagios/plugins/check_ntp_peer[0x402350]
/usr/lib/nagios/plugins/check_ntp_peer[0x402df8]
/lib64/libc.so.6(__libc_start_main+0xe6)[0x7f0c02979bc6]
/usr/lib/nagios/plugins/check_ntp_peer[0x401469]
Aborted
WMSR0007:/etc/nagios #
WMSR0007:/etc/nagios # cat /etc/SuSE-release
SUSE Linux Enterprise Server 11 (x86_64)
VERSION = 11
PATCHLEVEL = 1
WMSR0007:/etc/nagios # uname -a
Linux WMSR0007 2.6.32.54-0.3-default #1 SMP 2012-01-27 17:38:56 +0100 x86_64 x86_64 x86_64 GNU/Linux
WMSR0007:/etc/nagios # rpm -qf /usr/lib/nagios/plugins/check_ntp_peer
nagios-plugins-1.4.13-1.35
WMSR0007:/etc/nagios #

Actual Results:
execute /usr/lib/nagios/plugins/check_ntp_peer -H pool.ntp.org -w 2 -c 3
buffer overflow as described above

Expected Results:
NTP OK: Offset 0.00071 secs|offset=0.000710s;2.000000;3.000000;

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
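Added example, not part of the original bug report or of the nagios-plugins code: a small triage parser for the glibc fortify abort shown in the report. It extracts which checked libc call fired (here __read_chk, the _FORTIFY_SOURCE wrapper that aborts when read() is asked for more bytes than the destination buffer is known to hold) and the return addresses inside the plugin binary, which can then be resolved with addr2line against matching debug information. The names triage and SAMPLE are this example's own; SAMPLE is the banner and backtrace copied from the report.

```python
import re

# Abort banner and backtrace copied from the report (memory map omitted).
SAMPLE = """\
*** buffer overflow detected ***: /usr/lib/nagios/plugins/check_ntp_peer terminated
======= Backtrace: =========
/lib64/libc.so.6(__fortify_fail+0x37)[0x7f0c02a46677]
/lib64/libc.so.6(+0xe9310)[0x7f0c02a44310]
/lib64/libc.so.6(__read_chk+0x28)[0x7f0c02a44888]
/usr/lib/nagios/plugins/check_ntp_peer[0x402350]
/usr/lib/nagios/plugins/check_ntp_peer[0x402df8]
/lib64/libc.so.6(__libc_start_main+0xe6)[0x7f0c02979bc6]
/usr/lib/nagios/plugins/check_ntp_peer[0x401469]
======= Memory map: ========
"""

BANNER = re.compile(r"^\*\*\* (?P<kind>.+?) \*\*\*: (?P<prog>\S+) terminated$")
# glibc frame: object(symbol+0xoff)[0xaddr]; the (...) part is absent when no
# symbol is known, and the symbol may be empty, as in "(+0xe9310)".
FRAME = re.compile(
    r"^(?P<obj>/\S+?)(?:\((?P<sym>[^)+]*)(?:\+0x[0-9a-f]+)?\))?\[(?P<addr>0x[0-9a-f]+)\]$"
)
CHK = re.compile(r"^__(\w+)_chk$")  # __read_chk -> read, __memcpy_chk -> memcpy


def triage(text):
    """Summarise a glibc _FORTIFY_SOURCE abort: which checked call fired, and from where."""
    out = {"kind": None, "program": None, "checked_call": None, "caller_frames": []}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("======= Memory map"):
            break  # nothing below this line is needed for triage
        banner = BANNER.match(line)
        if banner:
            out["kind"], out["program"] = banner["kind"], banner["prog"]
            continue
        frame = FRAME.match(line)
        if not frame:
            continue
        chk = CHK.match(frame["sym"] or "")
        if chk and out["checked_call"] is None:
            out["checked_call"] = chk.group(1)
        elif out["checked_call"] and frame["obj"] == out["program"]:
            # Return addresses in the program itself, innermost first.
            out["caller_frames"].append(frame["addr"])
    return out


if __name__ == "__main__":
    print(triage(SAMPLE))
```

The first entry of caller_frames is the return address of the read() call that the fortify check rejected, which is where to start when comparing the packaged source against the upstream fix.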
https://bugzilla.novell.com/show_bug.cgi?id=758086

https://bugzilla.novell.com/show_bug.cgi?id=758086#c1

Kyle Gordon <kyle@lodge.glasgownet.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Blocker|---                         |No
                 CC|                            |kyle@lodge.glasgownet.com
           Found By|---                         |Customer

--- Comment #1 from Kyle Gordon <kyle@lodge.glasgownet.com> 2012-04-19 16:02:59 UTC ---
Upstream bug and closure can be found at
http://sourceforge.net/tracker/?func=detail&atid=397597&aid=1999319&group_id=29880
https://bugzilla.novell.com/show_bug.cgi?id=758086

https://bugzilla.novell.com/show_bug.cgi?id=758086#c

kk zhang <kkzhang@suse.com> changed:

           What    |Removed                                   |Added
----------------------------------------------------------------------------
                 CC|                                          |kkzhang@suse.com
         AssignedTo|bnc-team-screening@forge.provo.novell.com |lrupp@suse.com
https://bugzilla.novell.com/show_bug.cgi?id=758086

https://bugzilla.novell.com/show_bug.cgi?id=758086#c2

Lars Vogdt <lrupp@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
                 CC|                            |lrupp@suse.com
         Resolution|                            |DUPLICATE

--- Comment #2 from Lars Vogdt <lrupp@suse.com> 2012-05-02 15:45:06 CEST ---
A fixed package is already submitted for SLES-11-SP1 (including SLES-10-SP4 and SLES-11-SP2). This is currently in QA for testing and should be released soon.

Closing as duplicate bug #751992

*** This bug has been marked as a duplicate of bug 751992 ***
http://bugzilla.novell.com/show_bug.cgi?id=751992