Lucene search

K
ubuntuUbuntuUSN-698-2
HistoryDec 22, 2008 - 12:00 a.m.

Nagios3 vulnerabilities

2008-12-2200:00:00
ubuntu.com
31

7 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.032 Low

EPSS

Percentile

90.9%

Releases

  • Ubuntu 8.10

Packages

  • nagios3 -

Details

It was discovered that Nagios was vulnerable to a Cross-site request forgery
(CSRF) vulnerability. If an authenticated nagios user were tricked into
clicking a link on a specially crafted web page, an attacker could trigger
commands to be processed by Nagios and execute arbitrary programs. This
update alters Nagios behaviour by disabling submission of CMD_CHANGE commands.
(CVE-2008-5028)

It was discovered that Nagios did not properly parse commands submitted using
the web interface. An authenticated user could use a custom form or a browser
addon to bypass security restrictions and submit unauthorized commands.
(CVE-2008-5027)

OSVersionArchitecturePackageVersionFilename
Ubuntu8.10noarchnagios3< 3.0.2-1ubuntu1.1UNKNOWN
Ubuntu8.10noarchnagios3< dbg-3.0.2-1ubuntu1.1UNKNOWN

7 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.032 Low

EPSS

Percentile

90.9%

Related for USN-698-2