Login or Register to Ask a Question and Join Our Community


Infrastructure Monitoring

USN-795-1: Nagios vulnerability

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums UNIX and Linux Applications Infrastructure Monitoring USN-795-1: Nagios vulnerability
# 1  
Old 07-02-2009
USN-795-1: Nagios vulnerability
Referenced CVEs:
CVE-2009-2288


Description:
=========================================================== Ubuntu Security Notice USN-795-1 July 02, 2009 nagios2, nagios3 vulnerability CVE-2009-2288 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.04 LTS: nagios2 2.11-1ubuntu1.5 Ubuntu 8.10: nagios3 3.0.2-1ubuntu1.2 Ubuntu 9.04: nagios3 3.0.6-2ubuntu1.1 After a standard system upgrade you need to restart Nagios to effect the necessary changes. Details follow: It was discovered that Nagios did not properly parse certain commands submitted using the WAP web interface. An authenticated user could exploit this flaw and execute arbitrary programs on the server.





More...
Login or Register to Ask a Question

Previous Thread | Next Thread
Login or Register to Ask a Question

LEARN ABOUT CENTOS

nagios

nagios(8)                                                             Nagios                                                             nagios(8)

NAME

       Nagios - network/systems status monitoring daemon

SYNOPSIS

       nagios [-h] [-v] [-s] [-d] <main_config_file>

DESCRIPTION

       nagios  is a daemon program that monitors the status of various network accessible systems, devices, and more. For more information, please
       consult the online documentation available at http://www.nagios.org, or on your nagios server's web page.

OPTIONS

       main_config_file
              The main configuration file.  On openSUSE systems this defaults to /etc/nagios/nagios.cfg

       -h     A helpful usage message

       -v     Reads all data in the configuration files and performs a basic verification/sanity check.  Always make sure you verify  your  config
              data before (re)starting Nagios. You can also use the Nagios init script to verify your configuration - try: rcnagios check_verbose

       -s     Shows projected/recommended check scheduling information based on the current data in the configuration files.

       -d     Starts Nagios in daemon mode (instead of as a foreground process).

FILES

       /etc/nagios
              Default configuration directory for nagios

AUTHOR

       Nagios  is  written  and maintained by Ethan Galstad <nagios@nagios.org>.  This manual page was written by sean finney <seanius@debian.org>
       for the Debian GNU/Linux operating system (but it may be freely used, modified, and redistributed by others) and adapted by Lars Vogdt  for
       openSUSE.

sean finney, Lars Vogdt                                       February 2006, May 2010                                                    nagios(8)