USN-698-1: Nagios vulnerability


 
Posted 12-22-2008

Referenced CVEs:
CVE-2008-5027


Description:
===========================================================
Ubuntu Security Notice USN-698-1          December 22, 2008
nagios vulnerability
CVE-2008-5027
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  nagios-common                   2:1.3-cvs.20050402-8ubuntu8

After a standard system upgrade you need to restart Nagios to effect
the necessary changes.

Details follow:

It was discovered that Nagios did not properly parse commands
submitted using the web interface. An authenticated user could use
a custom form or a browser addon to bypass security restrictions
and submit unauthorized commands.





NAGIRCBOT(1)                General Commands Manual                NAGIRCBOT(1)

NAME
       nagircbot - announce Nagios status to an IRC channel

SYNOPSIS
       nagircbot [-CdeHmRStxX] [-A REGEX] [-c CHANNEL] [-f FILE]
                 [-F HOST[:PORT]] [-i INTERVAL] [-I INTERVAL] [-k KEYWORD]
                 [-n NICK] [-N PREFIX] [-p PASSWORD] [-P FILE]
                 [-s HOST[:PORT]] [-T LIST] [-u USERNAME] [-U NAME] [-z USER]

DESCRIPTION
       nagircbot is an IRC bot that reads Nagios' status information and
       emits alerts to an IRC channel. It can filter alerts based on
       severity (CRITICAL, HARD, SOFT, and/or UNKNOWN) or by regular
       expression. It can connect to IRC servers protected by password or
       SSL, and can optionally set the topic to the current Nagios status.

OPTIONS
       -A REGEX
              Filter (omit) lines that match a basic regular expression.

       -c CHANNEL
              Channel to connect to, including the leading "#" (default:
              "#nagircbot").

       -C     Use colors in IRC messages.

       -d     Do not fork into the background.

       -e     Use encryption (SSL) when connecting to the IRC server.

       -f FILE
              Path to Nagios' status.log, indicated by the 'status_file'
              parameter in nagios.cfg (default:
              "/usr/local/nagios/var/status.log").

       -F HOST[:PORT]
              Retrieve status.log over the network. If no port is
              specified, the default is 33333.

       -H     Only announce alerts in 'HARD' state. This is the default.

       -i INTERVAL
              Nagios alert check interval, in seconds (default: 60).

       -I INTERVAL
              How often to announce Nagios global status in the channel,
              in seconds. Specify an interval of 0 (the default) to
              disable. Do not specify an interval smaller than the alert
              check (-i) interval.

       -k KEYWORD
              Keyword for the channel (default: no keyword).

       -m     Display status information for an alert in separate IRC
              messages instead of combining on a single message.

       -n NICK
              IRC nick to use (default: "nagircbot").

       -N PREFIX
              Prefix for all in-channel IRC messages.

       -p PASSWORD
              IRC server password.

       -P FILE
              Write PID file.

       -R     Only announce CRITICAL/UNKNOWN alerts.

       -s HOST[:PORT]
              IRC server to connect to. If not specified, the default is
              "localhost:6667". If no port is specified, the default is
              33333.

       -S     Also announce alerts in 'SOFT' state.

       -t     Set the channel topic to an alert summary.

       -T LIST
              Enable checks to see if Nagios is still running. Send
              'check' in a private message to invoke the check. Accepts a
              comma-separated list (without spaces) with the following
              elements: max_time_last_host_update,
              max_time_oldest_host_update, max_time_last_host_check,
              max_time_oldest_host_check, max_time_last_service_check,
              max_time_oldest_service_check, and
              max_time_oldest_next_service_check.

       -u USERNAME
              Username to log into the IRC server as.

       -U NAME
              IRC "real" or full name (default: "nagircbot").

       -x     status.log is in Nagios 1.0 format.

       -X     status.log is in Nagios 2.0/3.0 format. This is the default.

       -z USER
              User to run as.

AUTHOR
       nagircbot was written by Folkert van Heusden
       <folkert@vanheusden.com>. This manual page was written by John
       Morrissey <jwm@horde.net>, for the Debian project (and may be used
       by others).

                               December 13, 2010                   NAGIRCBOT(1)