*** This bug is a security vulnerability ***

Public security bug reported:

Binary package hint: nagios3

CVE 2008-5027
The Nagios process in (1) Nagios before 3.0.5 and (2) op5 Monitor before 4.0.1 
allows remote authenticated users to bypass authorization checks, and trigger 
execution of arbitrary programs by this process, via an (a) custom form or a 
(b) browser addon.

CVE 2008-5028
Cross-site request forgery (CSRF) vulnerability in cmd.cgi in (1) Nagios 3.0.5 
and (2) op5 Monitor before 4.0.1 allows remote attackers to send commands to 
the Nagios process, and trigger execution of arbitrary programs by this 
process, via unspecified HTTP requests.

** Affects: nagios3 (Ubuntu)
     Importance: Undecided
         Status: New

** Visibility changed to: Public

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-5027

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-5028

-- 
Bypass auth checks in Nagios (CVE-2008-5027, CVE-2008-5028)
https://bugs.launchpad.net/bugs/301542
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to nagios3 in ubuntu.

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
