==========================================================Ubuntu Security Notice USN-698-3 December 23, 2008
nagios2 vulnerabilities
CVE-2008-5027, CVE-2008-5028
==========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 8.04 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 8.04 LTS:
nagios2 2.11-1ubuntu1.4
After a standard system upgrade you need to restart Nagios to effect
the necessary changes.
Details follow:
It was discovered that Nagios was vulnerable to a Cross-site request forgery
(CSRF) vulnerability. If an authenticated nagios user were tricked into
clicking a link on a specially crafted web page, an attacker could trigger
commands to be processed by Nagios and execute arbitrary programs. This
update alters Nagios behaviour by disabling submission of CMD_CHANGE commands.
(CVE-2008-5028)
It was discovered that Nagios did not properly parse commands submitted using
the web interface. An authenticated user could use a custom form or a browser
addon to bypass security restrictions and submit unauthorized commands.
(CVE-2008-5027)
Updated packages for Ubuntu 8.04 LTS:
Source archives:
Size/MD5: 37439 1e9c238bb21704f42d6275c31cf99108
Size/MD5: 1174 99b9d7ca524be867d538f8f39d52f0cf
Size/MD5: 1741962 058c1f4829de748b42da1b584cccc941
Architecture independent packages:
Size/MD5: 61506 c4f5c96b1c8be0e58c362eb005efba9c
Size/MD5: 1135002 0515ced55e66978706203bdac4055b39
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
Size/MD5: 1640150 d23994c62750473a55138f10935318b6
Size/MD5: 1106218 d2ca0e16009ae6738cae6efd29f243df
i386 architecture (x86 compatible Intel/AMD):
Size/MD5: 1552138 4a165fc1202e3dcc4c7af4eeaa8f14cb
Size/MD5: 987174 73ba6b8faef90259a965ad3c2aee176e
lpia architecture (Low Power Intel Architecture):
Size/MD5: 1586750 161d8bbc1d2f8251aa0888c326152763
Size/MD5: 999124 984199f0814041fb1d3be332c78a1084
powerpc architecture (Apple Macintosh G3/G4/G5):
Size/MD5: 1609376 fc3975c98bf065371fd8a0230d1007c5
Size/MD5: 1109530 a5e36a48935587ccfc565376a5ea58fa
sparc architecture (Sun SPARC/UltraSPARC):
Size/MD5: 1448326 2fc971f58d9891abd1d2babe018742ef
Size/MD5: 989588 158c615af339c126f07fcc8b3e05480a
Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.
Cloud Security Cryptography Desktop Security Firewall Government Hacks/Cracks IoT Security Network Security Organizations/Events Privacy Security Projects Security Trends Security Vulnerabilities Server Security Vendors/Products
Debian Debian LTS Fedora Gentoo Mageia Oracle openSUSE RockyLinux Slackware SuSE Ubuntu
Harden My Filesystem Learn Tips and Tricks Secure My E-mail Secure My Firewall Secure My Network Secure My Webserver Strengthen My Privacy
Best Secure Linux Distros for Enhanced Privacy & Security The Truth About Linux Malware & How to Protect Your System Is Linux A More Secure Option Than Windows For Businesses? How Secure Is Linux? Top Tips for Securing Your Linux System
Advertise Contribute Your Article Legal Notice RSS Feeds Contact Us Terms of Service Privacy Policy
Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.