USN-1151-1: Nagios vulnerabilities
15 June 2011
An attacker could modify or steal data if you were tricked into clicking on a special link to Nagios.
- nagios3 - A host/service/network monitoring and management system
Stefan Schurtz discovered than Nagios did not properly sanitize its input
when processing certain requests, resulting in cross-site scripting (XSS)
vulnerabilities. With cross-site scripting vulnerabilities, if a user were
tricked into viewing server output during a crafted server request, a
remote attacker could exploit this to modify the contents, or steal
confidential data, within the same domain.
The problem can be corrected by updating your system to the following package versions:
After a standard system update you need to restart Nagios to make
all the necessary changes.