CVE-2008-5028 Information

Description

Cross-site request forgery (CSRF) vulnerability in cmd.cgi in (1) Nagios 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote attackers to send commands to the Nagios process and trigger execution of arbitrary programs by this process via unspecified HTTP requests.

Reference

http://git.op5.org/git/?p=nagios.git;a=commit;h=814d8d4d1a73f7151eeed187c0667585d79fea18 http://marc.info/?l=bugtraq&m=124156641928637&w=2 http://osvdb.org/49678 http://secunia.com/advisories/32610 http://secunia.com/advisories/32630 http://secunia.com/advisories/33320 http://secunia.com/advisories/35002 http://security.gentoo.org/glsa/glsa-200907-15.xml http://sourceforge.net/mailarchive/forum.php?thread_name=4914396D.501000940op5.se&forum_name=nagios-devel http://www.op5.com/support/news/389-important-security-fix-available-for-op5-monitor http://www.openwall.com/lists/oss-security/2008/11/06/2 http://www.securitytracker.com/id?1022165 http://www.vupen.com/english/advisories/2008/3029 http://www.vupen.com/english/advisories/2009/1256 https://exchange.xforce.ibmcloud.com/vulnerabilities/46426 https://exchange.xforce.ibmcloud.com/vulnerabilities/46521 https://www.ubuntu.com/usn/USN-698-3/