CVE-2008-5027 Information
Description
The Nagios process in (1) Nagios before 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote authenticated users to bypass authorization checks and trigger execution of arbitrary programs by this process via an (a) custom form or a (b) browser addon.
Reference
http://marc.info/?l=bugtraq&m=124156641928637&w=2 http://secunia.com/advisories/33320 http://secunia.com/advisories/35002 http://security.gentoo.org/glsa/glsa-200907-15.xml http://sourceforge.net/mailarchive/forum.php?thread_name=4914396D.501000940op5.se&forum_name=nagios-devel http://www.nagios.org/development/history/nagios-3x.php http://www.op5.com/support/news/389-important-security-fix-available-for-op5-monitor http://www.openwall.com/lists/oss-security/2008/11/06/2 http://www.securityfocus.com/bid/32156 http://www.securitytracker.com/id?1022165 http://www.ubuntu.com/usn/USN-698-1 http://www.vupen.com/english/advisories/2008/3029 http://www.vupen.com/english/advisories/2008/3364 http://www.vupen.com/english/advisories/2009/1256 https://www.ubuntu.com/usn/USN-698-3/
Share on: