==========================================================Ubuntu Security Notice USN-698-2          December 22, 2008
nagios3 vulnerabilities
CVE-2008-5027, CVE-2008-5028
==========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.10:
  nagios3                         3.0.2-1ubuntu1.1

After a standard system upgrade you need to restart Nagios to effect
the necessary changes.

Details follow:

It was discovered that Nagios was vulnerable to a Cross-site request forgery
(CSRF) vulnerability. If an authenticated nagios user were tricked into
clicking a link on a specially crafted web page, an attacker could trigger
commands to be processed by Nagios and execute arbitrary programs. This
update alters Nagios behaviour by disabling submission of CMD_CHANGE commands.
(CVE-2008-5028)

It was discovered that Nagios did not properly parse commands submitted using
the web interface. An authenticated user could use a custom form or a browser
addon to bypass security restrictions and submit unauthorized commands.
(CVE-2008-5027)


Updated packages for Ubuntu 8.10:

  Source archives:

          Size/MD5:    38086 84020bf2660e52ef176a2274971e4c1b
          Size/MD5:     1644 868828fdabd748689e35083aa052a483
          Size/MD5:  2759331 008d71aac08660bc007f7130ea82ab80

  Architecture independent packages:

          Size/MD5:    72216 1cccb3e8640dbd2612caf7841ae1756b
          Size/MD5:  2063224 9769666c13c1d886228f66ff40dc729a

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

          Size/MD5:  2660164 381e889f994b102f6e65acc67f032f7a
          Size/MD5:  1538712 8ce98eee89e13bc544180c73c9d24ba0

  i386 architecture (x86 compatible Intel/AMD):

          Size/MD5:  2429130 87889b6dc28b86c4aae3d0acdd9950e9
          Size/MD5:  1387398 ec353697aced7539893ef9409d850120

  lpia architecture (Low Power Intel Architecture):

          Size/MD5:  2479724 433504296b1650a7d393ab28d9b264b7
          Size/MD5:  1376480 be232a1c16b5daff63b586f2cd66b9eb

  powerpc architecture (Apple Macintosh G3/G4/G5):

          Size/MD5:  2630802 167b533ea10d8962df5bc5904133c067
          Size/MD5:  1525154 0679044c20e6a53c9311f2670834035b

  sparc architecture (Sun SPARC/UltraSPARC):

          Size/MD5:  2327204 f40329c8a8216799a365d185bcc2a646
          Size/MD5:  1379752 04408878bff9de5f485c7da2c6ffde4d



--=-mYyGRrkIRz8XgQEsC6l+
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----Version: GnuPG v1.4.9 (GNU/Linux)

iEYEABECAAYFAklPpfgACgkQLMAs/0C4zNpDNQCghNyH1tzwJKxy8CXSiIIzUXFQ
NHYAoIRdJ1EZWi6MB04DPzzobx3KG9TE
=gM9K
-----END PGP SIGNATURE-------=-mYyGRrkIRz8XgQEsC6l+--

--==============r03303522161523901=Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--==============r03303522161523901==--

Ubuntu: Nagios3 vulnerabilities

December 22, 2008
It was discovered that Nagios was vulnerable to a Cross-site request forgery (CSRF) vulnerability

Summary

Update Instructions

References

Severity
nagios3 vulnerabilities

Package Information

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved