USN-698-3: Nagios vulnerabilities


 
12-23-2008

Referenced CVEs:
CVE-2008-5027, CVE-2008-5028


Description:
===========================================================
Ubuntu Security Notice USN-698-3          December 23, 2008
nagios2 vulnerabilities
CVE-2008-5027, CVE-2008-5028
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
  nagios2                         2.11-1ubuntu1.4

After a standard system upgrade you need to restart Nagios to effect
the necessary changes.

Details follow:

It was discovered that Nagios was vulnerable to a Cross-site request
forgery (CSRF) vulnerability. If an authenticated nagios user were
tricked into clicking a link on a specially crafted web page, an
attacker could trigger commands to be processed by Nagios and execute
arbitrary programs. This update alters Nagios behaviour by disabling
submission of CMD_CHANGE commands. (CVE-2008-5028)

It was discovered that Nagios did not properly parse commands
submitted using the web interface. An authenticated user could use a
custom form or a browser addon to bypass security restrictions and
submit unauthorized commands. (CVE-2008-5027)
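An added example, not part of the advisory or of Nagios itself: since the update disables CMD_CHANGE commands, a useful check after upgrading is to audit nagios.log for CHANGE_* external commands (the names Nagios gives its CMD_CHANGE_* command types) that were already processed. It assumes log_external_commands=1 and the `[epoch] EXTERNAL COMMAND: NAME;args` log line; the function name and the sample lines are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Nagios records processed external commands in nagios.log in this shape
# when log_external_commands=1 (assumed to be enabled):
#   [<epoch>] EXTERNAL COMMAND: <NAME>;<arg1>;<arg2>...
LINE_RE = re.compile(r"^\[(\d+)\] EXTERNAL COMMAND: ([A-Z0-9_]+)(?:;(.*))?$")


def find_change_commands(lines):
    """Return (utc_time, command, args) for every CHANGE_* external command."""
    hits = []
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # alerts, notifications and other non-command entries
        epoch, name, args = m.groups()
        if not name.startswith("CHANGE_"):
            continue  # only the command family the update disables
        when = datetime.fromtimestamp(int(epoch), tz=timezone.utc)
        hits.append((when.isoformat(), name, args.split(";") if args else []))
    return hits


# Constructed sample log lines (hypothetical hosts, not from a real system).
SAMPLE_LOG = """\
[1229990400] EXTERNAL COMMAND: SCHEDULE_HOST_DOWNTIME;web01;1229990400;1229994000;1;0;3600;admin;patching
[1229990460] SERVICE ALERT: web01;HTTP;CRITICAL;SOFT;1;Connection refused
[1229990520] EXTERNAL COMMAND: CHANGE_HOST_CHECK_COMMAND;web01;check_ping
[1229990580] EXTERNAL COMMAND: CHANGE_SVC_EVENT_HANDLER;web01;HTTP;restart-httpd
[1229990640] EXTERNAL COMMAND: ENABLE_NOTIFICATIONS
""".splitlines()

if __name__ == "__main__":
    for when, name, args in find_change_commands(SAMPLE_LOG):
        print(when, name, args)
```

Any hit should be traced to an administrator's deliberate action; the same function can be pointed at the archived log files as well as the live one.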




