Post 302270957 by Linux Bot on Tuesday 23rd of December 2008 09:50:03 AM
USN-698-3: Nagios vulnerabilities

Referenced CVEs:
CVE-2008-5027, CVE-2008-5028


Description:
===========================================================
Ubuntu Security Notice USN-698-3          December 23, 2008
nagios2 vulnerabilities
CVE-2008-5027, CVE-2008-5028
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 8.04 LTS:
  nagios2    2.11-1ubuntu1.4

After a standard system upgrade you need to restart Nagios to effect the necessary changes.

Details follow:

It was discovered that Nagios was vulnerable to a Cross-site request forgery (CSRF) vulnerability. If an authenticated nagios user were tricked into clicking a link on a specially crafted web page, an attacker could trigger commands to be processed by Nagios and execute arbitrary programs. This update alters Nagios behaviour by disabling submission of CMD_CHANGE commands. (CVE-2008-5028)

It was discovered that Nagios did not properly parse commands submitted using the web interface. An authenticated user could use a custom form or a browser addon to bypass security restrictions and submit unauthorized commands. (CVE-2008-5027)





nagios(8)                             Nagios                             nagios(8)

NAME
       Nagios - network/systems status monitoring daemon

SYNOPSIS
       nagios [-h] [-v] [-s] [-d] <main_config_file>

DESCRIPTION
       nagios is a daemon program that monitors the status of various network
       accessible systems, devices, and more. For more information, please
       consult the online documentation available at http://www.nagios.org, or
       on your nagios server's web page.

OPTIONS
       main_config_file
              The main configuration file. On openSUSE systems this defaults
              to /etc/nagios/nagios.cfg

       -h     A helpful usage message

       -v     Reads all data in the configuration files and performs a basic
              verification/sanity check. Always make sure you verify your
              config data before (re)starting Nagios.
              You can also use the Nagios init script to verify your
              configuration - try:
              rcnagios check_verbose

       -s     Shows projected/recommended check scheduling information based
              on the current data in the configuration files.

       -d     Starts Nagios in daemon mode (instead of as a foreground
              process).

FILES
       /etc/nagios
              Default configuration directory for nagios

AUTHOR
       Nagios is written and maintained by Ethan Galstad <nagios@nagios.org>.
       This manual page was written by sean finney <seanius@debian.org> for
       the Debian GNU/Linux operating system (but it may be freely used,
       modified, and redistributed by others) and adapted by Lars Vogdt for
       openSUSE.

sean finney, Lars Vogdt         February 2006, May 2010                  nagios(8)