Login or Register to Ask a Question and Join Our Community


Infrastructure Monitoring

USN-795-1: Nagios vulnerability

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums UNIX and Linux Applications Infrastructure Monitoring USN-795-1: Nagios vulnerability
# 1  
Old 07-02-2009
USN-795-1: Nagios vulnerability
Referenced CVEs:
CVE-2009-2288


Description:
=========================================================== Ubuntu Security Notice USN-795-1 July 02, 2009 nagios2, nagios3 vulnerability CVE-2009-2288 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.04 LTS: nagios2 2.11-1ubuntu1.5 Ubuntu 8.10: nagios3 3.0.2-1ubuntu1.2 Ubuntu 9.04: nagios3 3.0.6-2ubuntu1.1 After a standard system upgrade you need to restart Nagios to effect the necessary changes. Details follow: It was discovered that Nagios did not properly parse certain commands submitted using the WAP web interface. An authenticated user could exploit this flaw and execute arbitrary programs on the server.





More...
Login or Register to Ask a Question

Previous Thread | Next Thread
Login or Register to Ask a Question

LEARN ABOUT DEBIAN

nagios3

nagios3(8)							      nagios								nagios3(8)

NAME

       nagios3 - network/systems status monitoring daemon

SYNOPSIS

       nagios3 [-h] [-v] [-s] [-d] <main_config_file>

DESCRIPTION

       nagios3	is  a  daemon  program	that  monitors the status of various network accessible systems, devices, and more.  For more information,
       please consult the online documentation available at http://www.nagios.org, or on your nagios server's web page.

OPTIONS

       main_config_file
	      The main configuration file.  On debian systems this defaults to /etc/nagios3/nagios.cfg

       -h     A helpful usage message

       -v     Reads all data in the configuration files and performs a basic verification/sanity check.  Always make sure you verify  your  config
	      data before (re)starting Nagios.

       -s     Shows projected/recommended check scheduling information based on the current data in the configuration files.

       -d     Starts Nagios in daemon mode (instead of as a foreground process).

FILES

       /etc/nagios3
	      Default configuration directory for nagios3

AUTHOR

       nagios3	is  written and maintained by Ethan Galstad <nagios@nagios.org>.  This manual page was written by sean finney <seanius@debian.org>
       for the Debian GNU/Linux operating system (but it may be freely used, modified, and redistributed by others).

sean finney							   February 2006							nagios3(8)