ld-musl / nagios: crashing (possible security issue!)
I'm trying to run nagios with lighttpd under Alpine 3.13.
I found that trac.cgi (nagios) is continuously crashing and tracked this down to that trac.cgi is unable to safely parse the cookies, the webserver passes to the cgi.
Just run from command line
REQUEST_METHOD=GET HTTP_COOKIE="NagFormId=6164e70e; sinatra.session=BAh7BkkiD3Nlc3Npb25faWQGOgZFVG86" /usr/lib/nagios/cgi-bin/tac.cgi
Segmentation fault (core dumped)
(the cookie has nothing to do with nagios, but was sent by the webrowser after the cookie was set from other apps at the same server.)
I tried to get some upstream support under https://support.nagios.com/forum/index.php , but there's not even a category for versions < XI.
Is this version still supported?