Lucene search

UbuntuUSN-698-3

HistoryDec 23, 2008 - 12:00 a.m.

Nagios vulnerabilities

2008-12-2300:00:00

ubuntu.com

7 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.032 Low

EPSS

Percentile

91.0%

JSON

Releases

Ubuntu 8.04

Packages

nagios2 -

Details

It was discovered that Nagios was vulnerable to a Cross-site request forgery
(CSRF) vulnerability. If an authenticated nagios user were tricked into
clicking a link on a specially crafted web page, an attacker could trigger
commands to be processed by Nagios and execute arbitrary programs. This
update alters Nagios behaviour by disabling submission of CMD_CHANGE commands.
(CVE-2008-5028)

It was discovered that Nagios did not properly parse commands submitted using
the web interface. An authenticated user could use a custom form or a browser
addon to bypass security restrictions and submit unauthorized commands.
(CVE-2008-5027)

OSVersionArchitecturePackageVersionFilename
Ubuntu8.04noarchnagios2< 2.11-1ubuntu1.4UNKNOWN
Ubuntu8.04noarchnagios2-dbg< 2.11-1ubuntu1.4UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	8.04	noarch	nagios2	< 2.11-1ubuntu1.4	UNKNOWN
Ubuntu	8.04	noarch	nagios2-dbg	< 2.11-1ubuntu1.4	UNKNOWN

References

ubuntu.com/security/CVE-2008-5027

ubuntu.com/security/CVE-2008-5028

7 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.032 Low

EPSS

Percentile

91.0%

JSON

Related for USN-698-3