Lucene search

[email protected]NVD:CVE-2008-5027

HistoryNov 10, 2008 - 3:23 p.m.

CVE-2008-5027

2008-11-1015:23:29

CWE-264

[email protected]

web.nvd.nist.gov

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

6.2 Medium

AI Score

Confidence

Low

0.032 Low

EPSS

Percentile

91.2%

JSON

The Nagios process in (1) Nagios before 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote authenticated users to bypass authorization checks, and trigger execution of arbitrary programs by this process, via an (a) custom form or a (b) browser addon.

Affected configurations

NVD

Node

nagiosnagiosRange≤3.0.4

nagiosnagiosMatch1.0

nagiosnagiosMatch1.0_b1

nagiosnagiosMatch1.0_b2

nagiosnagiosMatch1.0_b3

nagiosnagiosMatch1.0b1

nagiosnagiosMatch1.0b2

nagiosnagiosMatch1.0b3

nagiosnagiosMatch1.0b4

nagiosnagiosMatch1.0b5

nagiosnagiosMatch1.0b6

nagiosnagiosMatch1.1

nagiosnagiosMatch1.2

nagiosnagiosMatch1.3

nagiosnagiosMatch1.4

nagiosnagiosMatch1.4.1

nagiosnagiosMatch2.0

nagiosnagiosMatch2.0b1

nagiosnagiosMatch2.0b2

nagiosnagiosMatch2.0b3

nagiosnagiosMatch2.0b4

nagiosnagiosMatch2.0b5

nagiosnagiosMatch2.0b6

nagiosnagiosMatch2.0rc1

nagiosnagiosMatch2.0rc2

nagiosnagiosMatch2.1

nagiosnagiosMatch2.2

nagiosnagiosMatch2.3

nagiosnagiosMatch2.3.1

nagiosnagiosMatch2.4

nagiosnagiosMatch2.5

nagiosnagiosMatch2.7

nagiosnagiosMatch2.8

nagiosnagiosMatch2.9

nagiosnagiosMatch2.10

nagiosnagiosMatch2.11

nagiosnagiosMatch3.0

nagiosnagiosMatch3.0alpha1

nagiosnagiosMatch3.0alpha2

nagiosnagiosMatch3.0alpha3

nagiosnagiosMatch3.0alpha4

nagiosnagiosMatch3.0beta1

nagiosnagiosMatch3.0beta2

nagiosnagiosMatch3.0beta3

nagiosnagiosMatch3.0beta4

nagiosnagiosMatch3.0beta5

nagiosnagiosMatch3.0beta6

nagiosnagiosMatch3.0beta7

nagiosnagiosMatch3.0rc1

nagiosnagiosMatch3.0rc2

nagiosnagiosMatch3.0rc3

nagiosnagiosMatch3.0.1

nagiosnagiosMatch3.0.2

nagiosnagiosMatch3.0.3

op5monitorRange≤4.0.0

op5monitorMatch2.4

op5monitorMatch2.6

op5monitorMatch2.8

op5monitorMatch3.0

op5monitorMatch3.0.0

op5monitorMatch3.2

op5monitorMatch3.2.4

op5monitorMatch3.3.1

op5monitorMatch3.3.2

op5monitorMatch3.3.3

References

marc.info/?l=bugtraq&m=124156641928637&w=2

secunia.com/advisories/33320

secunia.com/advisories/35002

security.gentoo.org/glsa/glsa-200907-15.xml

sourceforge.net/mailarchive/forum.php?thread_name=4914396D.5010009%40op5.se&forum_name=nagios-devel

www.nagios.org/development/history/nagios-3x.php

www.op5.com/support/news/389-important-security-fix-available-for-op5-monitor

www.openwall.com/lists/oss-security/2008/11/06/2

www.securityfocus.com/bid/32156

www.securitytracker.com/id?1022165

www.ubuntu.com/usn/USN-698-1

www.vupen.com/english/advisories/2008/3029

www.vupen.com/english/advisories/2008/3364

www.vupen.com/english/advisories/2009/1256

www.ubuntu.com/usn/USN-698-3/

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

6.2 Medium

AI Score

Confidence

Low

0.032 Low

EPSS

Percentile

91.2%

JSON

Related for NVD:CVE-2008-5027

freebsd1 openvas21 cve1 nessus8 ubuntu3 securityvulns3 cvelist1 prion1 fedora1 ubuntucve2 gentoo1