USN-698-1: Nagios vulnerability


 
Thread Tools Search this Thread
Special Forums Cybersecurity Security Advisories (RSS) USN-698-1: Nagios vulnerability
# 1  
Old 12-22-2008
USN-698-1: Nagios vulnerability

Referenced CVEs:
CVE-2008-5027


Description:
=========================================================== Ubuntu Security Notice USN-698-1 December 22, 2008 nagios vulnerability CVE-2008-5027 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: nagios-common 2:1.3-cvs.20050402-8ubuntu8 After a standard system upgrade you need to restart Nagios to effect the necessary changes. Details follow: It was discovered that Nagios did not properly parse commands submitted using the web interface. An authenticated user could use a custom form or a browser addon to bypass security restrictions and submit unauthorized commands.





More...
Login or Register to Ask a Question

Previous Thread | Next Thread

1 More Discussions You Might Find Interesting

1. Infrastructure Monitoring

USN-795-1: Nagios vulnerability

Referenced CVEs: CVE-2009-2288 Description: =========================================================== Ubuntu Security Notice USN-795-1 July 02, 2009 nagios2, nagios3... (0 Replies)
Discussion started by: Linux Bot
0 Replies
Login or Register to Ask a Question
icinga(8)							      nagios								 icinga(8)

NAME
icinga - network/systems status monitoring daemon SYNOPSIS
icinga [-h] [-v] [-s] [-d] <main_config_file> DESCRIPTION
icinga is a daemon program that monitors the status of various network accessible systems, devices, and more. For more information, please consult the online documentation available at http://www.icinga.org, or on your Icinga server's web page. OPTIONS
main_config_file The main configuration file. On debian systems this defaults to /etc/icinga/icinga.cfg -h A helpful usage message -v Reads all data in the configuration files and performs a basic verification/sanity check. Always make sure you verify your config data before (re)starting Icinga. -s Shows projected/recommended check scheduling information based on the current data in the configuration files. -d Starts Icinga in daemon mode (instead of as a foreground process). FILES
/etc/icinga Default configuration directory for Icinga AUTHOR
Icinga was started as Nagios by Ethan Galstad <nagios@nagios.org>. Icinga is maintained by the Icinga Project <info@icinga.org>. This manual page was written by sean finney <seanius@debian.org> for the Debian GNU/Linux operating system (but it may be freely used, modified, and redistributed by others). sean finney March 2010 icinga(8)