USN-795-1: Nagios vulnerability

 
07-02-2009

Referenced CVEs:
CVE-2009-2288


Description:
===========================================================
Ubuntu Security Notice USN-795-1              July 02, 2009
nagios2, nagios3 vulnerability
CVE-2009-2288
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
  nagios2                         2.11-1ubuntu1.5

Ubuntu 8.10:
  nagios3                         3.0.2-1ubuntu1.2

Ubuntu 9.04:
  nagios3                         3.0.6-2ubuntu1.1

After a standard system upgrade you need to restart Nagios to effect
the necessary changes.

Details follow:

It was discovered that Nagios did not properly parse certain commands
submitted using the WAP web interface. An authenticated user could exploit
this flaw and execute arbitrary programs on the server.





Nagios::Object(3pm)          User Contributed Perl Documentation          Nagios::Object(3pm)

NAME
    Nagios::Object - Creates perl objects to represent Nagios objects

DESCRIPTION
    This module contains the code for creating perl objects to represent any of the
    Nagios objects. All of the perl classes are auto-generated at compile-time, so
    it's pretty trivial to add new attributes or even entire objects. The following
    is a list of currently supported classes:

        Nagios::TimePeriod
        Nagios::Command
        Nagios::Contact
        Nagios::ContactGroup
        Nagios::Host
        Nagios::Service
        Nagios::HostGroup
        Nagios::ServiceEscalation
        Nagios::HostDependency
        Nagios::HostEscalation
        Nagios::HostGroupEscalation
        Nagios::ServiceDependency
        -- next two are for status.dat in Nagios 2.x
        Nagios::Info
        Nagios::Program

EXAMPLE
        use Nagios::Object;

        my $generic_host = Nagios::Host->new(
            register                     => 0,
            parents                      => undef,
            check_command                => $some_command,
            max_check_attempts           => 3,
            checks_enabled               => 1,
            event_handler                => $some_command,
            event_handler_enabled        => 0,
            low_flap_threshold           => 0,
            high_flap_threshold          => 0,
            flap_detection_enabled       => 0,
            process_perf_data            => 1,
            retain_status_information    => 1,
            retain_nonstatus_information => 1,
            notification_interval        => $timeperiod,
            notification_options         => [qw(d u r)],
            notifications_enabled        => 1,
            stalking_options             => [qw(o d u)]
        );

        # this will automatically 'use' $generic_host
        my $localhost = $generic_host->new(
            host_name => "localhost",
            alias     => "Loopback",
            address   => "127.0.0.1"
        );

        my $hostname = $localhost->host_name();
        printf "max check attempts for $hostname is %s. ",
            $localhost->max_check_attempts;

        $localhost->set_event_handler(
            Nagios::Command->new(
                command_name => "new_event_handler",
                command_line => "/bin/true"
            )
        );

METHODS
    new()
        Create a new object of one of the types listed above.

        Calling new() on an existing object will use the LHS object as the template
        for the object being created. This is mainly useful for creating objects
        without involving Nagios::Object::Config (like in the test suite).

            Nagios::Host->new( ... );

    dump()
        Output a Nagios define { } block from an object. This is still EXPERIMENTAL,
        but may eventually be robust enough to use for a configuration GUI. Passing
        in a single true argument will tell it to flatten the object inheritance on
        dump.

            print $object->dump();
            print $object->dump(1); # flatten

    name()
        This method is common to all classes created by this module. It should
        always return the textual name for an object. It is used internally by the
        Nagios::Object modules to allow polymorphism (which is what makes this
        module so compact). This is the only way to retrieve the name of a template,
        since they are identified by their "name" field.

            my $svc_desc = $service->name;
            my $hostname = $host->name;

        Which is just short for:

            my $svc_desc = $service->service_description;
            my $hostname = $service->host_name;

    register()
        Returns true/undef to indicate whether the calling object is registerable
        or not.

            if ( $object->register ) { print $object->name, " is registerable." }

    has_attribute()
        Returns true/undef to indicate whether the calling object has the attribute
        specified as the only argument.

            # check to see if $object has attribute "command_line"
            die if ( !$object->has_attribute("command_line") );

    list_attributes()
        Returns a list of valid attributes for the calling object.

            my @host_attributes = $host->list_attributes();

    attribute_type()
        Returns the type of data expected by the object's set_ method for the given
        attribute. For some fields like notification_options, it may return
        "char_flag."

        For "name" attributes, it will simply return whatever %setup_data contains.

        This method needs some TLC ...

            my $type = $host->attribute_type("notification_period");

    attribute_is_list()
        Returns true if the attribute is supposed to be a list (ARRAYREF).

            if ( $object->attribute_is_list("members") ) {
                $object->set_members( [$member] );
            } else {
                $object->set_members( $member );
            }

AUTHOR
    Al Tobey <tobeya@cpan.org>

    Thank you to the fine people of #perl on freenode.net for helping me with some
    hairy code and silly optimizations.

WARNINGS
    See AUTHOR.

perl v5.12.4                          2011-10-22                          Nagios::Object(3pm)