6.1 Medium
AI Score
Confidence
Low
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.032 Low
EPSS
Percentile
91.0%
The Nagios process in (1) Nagios before 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote authenticated users to bypass authorization checks, and trigger execution of arbitrary programs by this process, via an (a) custom form or a (b) browser addon.
marc.info/?l=bugtraq&m=124156641928637&w=2
secunia.com/advisories/33320
secunia.com/advisories/35002
security.gentoo.org/glsa/glsa-200907-15.xml
sourceforge.net/mailarchive/forum.php?thread_name=4914396D.5010009%40op5.se&forum_name=nagios-devel
www.nagios.org/development/history/nagios-3x.php
www.op5.com/support/news/389-important-security-fix-available-for-op5-monitor
www.openwall.com/lists/oss-security/2008/11/06/2
www.securityfocus.com/bid/32156
www.securitytracker.com/id?1022165
www.ubuntu.com/usn/USN-698-1
www.vupen.com/english/advisories/2008/3029
www.vupen.com/english/advisories/2008/3364
www.vupen.com/english/advisories/2009/1256
www.ubuntu.com/usn/USN-698-3/