Ubuntu Update For Nagios2 Vulnerabilities USN-698-3 Network Vulnerability

Summary

Ubuntu Update for Linux kernel vulnerabilities USN-698-3

Solution

Please Install the Updated Packages.

Insight

It was discovered that Nagios was vulnerable to a Cross-site request forgery (CSRF) vulnerability. If an authenticated nagios user were tricked into clicking a link on a specially crafted web page, an attacker could trigger commands to be processed by Nagios and execute arbitrary programs. This update alters Nagios behaviour by disabling submission of CMD_CHANGE commands. (CVE-2008-5028) It was discovered that Nagios did not properly parse commands submitted using the web interface. An authenticated user could use a custom form or a browser addon to bypass security restrictions and submit unauthorized commands. (CVE-2008-5027)

Affected

nagios2 vulnerabilities on Ubuntu 8.04 LTS

References

https://lists.ubuntu.com/archives/ubuntu-security-announce/2008-December/000815.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-5027, CVE-2008-5028

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Ubuntu Update for nagios2 vulnerabilities USN-698-3

Take action and discover your vulnerabilities