CVE-2008-5027

Note

Nagios 1.x doesn't have the CHANGE commands, so authenticated users
wouldn't be able to trigger arbitrary programs. They could bypass
authorization checks by submitting commands with linefeeds though.
Also see CVE-2008-6373

Package	Release	Status
nagios Launchpad, Ubuntu, Debian	dapper	Released (2:1.3-cvs.20050402-8ubuntu8)
	gutsy	Ignored (end of life, was needed)
	hardy	Does not exist
	intrepid	Does not exist
	upstream	Needs triage
	Patches: vendor: http://trac.opsview.org/browser/trunk/opsview-base/patches/nagios_cgi_encoded_linefeeds.patch?rev=1653
nagios2 Launchpad, Ubuntu, Debian	dapper	Does not exist
	gutsy	Ignored (end of life, was needed)
	hardy	Released (2.11-1ubuntu1.4)
	intrepid	Does not exist
	upstream	Needs triage
	Patches: vendor: http://trac.opsview.org/browser/trunk/opsview-base/patches/nagios_block_external_change_commands.patch?rev=1653 vendor: http://trac.opsview.org/browser/trunk/opsview-base/patches/nagios_cgi_encoded_linefeeds.patch?rev=1653
nagios3 Launchpad, Ubuntu, Debian	dapper	Does not exist
	gutsy	Does not exist
	hardy	Does not exist
	intrepid	Released (3.0.2-1ubuntu1.1)
	upstream	Released (3.0.5)
	Patches: upstream: http://git.op5.org/git/?p=nagios.git;a=commitdiff;h=2640b78e17f0c8152933adcbd01a68beee3fa0f3 upstream: http://git.op5.org/git/?p=nagios.git;a=commitdiff;h=d908473257dc3d3fc8246c5143d4f0a91cbbfe2a upstream: http://git.op5.org/git/?p=nagios.git;a=commitdiff;h=4cf2bf46060bcbb88c92cb080e73e6cec84ecddc upstream: http://git.op5.org/git/?p=nagios.git;a=commitdiff;h=982b889cbd7a7a930ddb59bad355b1b437073be0

CVE-2008-5027

Notes

Priority

Status

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Further reading