*** This bug is a security vulnerability *** Public security bug reported:
Binary package hint: nagios3 CVE 2008-5027 The Nagios process in (1) Nagios before 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote authenticated users to bypass authorization checks, and trigger execution of arbitrary programs by this process, via an (a) custom form or a (b) browser addon. CVE 2008-5028 Cross-site request forgery (CSRF) vulnerability in cmd.cgi in (1) Nagios 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote attackers to send commands to the Nagios process, and trigger execution of arbitrary programs by this process, via unspecified HTTP requests. ** Affects: nagios3 (Ubuntu) Importance: Undecided Status: New ** Visibility changed to: Public ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2008-5027 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2008-5028 -- Bypass auth checks in Nagios (CVE-2008-5027, CVE-2008-5028) https://bugs.launchpad.net/bugs/301542 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs