PRIOn knowledge basePRION:CVE-2008-5027Authorization
The Nagios process in (1) Nagios before 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote authenticated users to bypass authorization checks, and trigger execution of arbitrary programs by this process, via an (a) custom form or a (b) browser addon.
References
secunia.com/advisories/33320
secunia.com/advisories/35002
security.gentoo.org/glsa/glsa-200907-15.xml
sourceforge.net/mailarchive/forum.php?thread_name=4914396D.5010009%40op5.se&forum_name=nagios-devel
www.nagios.org/development/history/nagios-3x.php
www.op5.com/support/news/389-important-security-fix-available-for-op5-monitor
www.openwall.com/lists/oss-security/2008/11/06/2
www.securityfocus.com/bid/32156
www.securitytracker.com/id?1022165
www.ubuntu.com/usn/USN-698-1
www.vupen.com/english/advisories/2008/3029
www.vupen.com/english/advisories/2008/3364
www.vupen.com/english/advisories/2009/1256
marc.info/?l=bugtraq&m=124156641928637&w=2
www.ubuntu.com/usn/USN-698-3/
Related
