CVE-2008-5027
First published: Mon Nov 10 2008(Updated: )
The Nagios process in (1) Nagios before 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote authenticated users to bypass authorization checks, and trigger execution of arbitrary programs by this process, via an (a) custom form or a (b) browser addon.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Nagios Nagios | =3.0-alpha3 | |
| Nagios Nagios | =2.0b5 | |
| Nagios Nagios | =2.7 | |
| Nagios Nagios | =2.4 | |
| Nagios Nagios | =3.0-rc3 | |
| op5 Monitor | <=4.0.0 | |
| Nagios Nagios | =3.0-beta4 | |
| Nagios Nagios | =2.0b6 | |
| Nagios Nagios | =1.0b3 | |
| Nagios Nagios | =1.1 | |
| Nagios Nagios | =3.0-alpha2 | |
| Nagios Nagios | =2.1 | |
| op5 Monitor | =3.3.1 | |
| Nagios Nagios | =1.0b6 | |
| Nagios Nagios | =3.0.1 | |
| Nagios Nagios | =1.0 | |
| Nagios Nagios | =2.3.1 | |
| Nagios Nagios | =3.0-beta5 | |
| Nagios Nagios | =2.2 | |
| Nagios Nagios | =3.0-rc1 | |
| op5 Monitor | =3.2 | |
| Nagios Nagios | =2.0b2 | |
| op5 Monitor | =2.8 | |
| op5 Monitor | =3.2.4 | |
| Nagios Nagios | =1.0b4 | |
| Nagios Nagios | =3.0.2 | |
| Nagios Nagios | =2.5 | |
| Nagios Nagios | =2.0b4 | |
| Nagios Nagios | =2.8 | |
| Nagios Nagios | <=3.0.4 | |
| Nagios Nagios | =3.0-beta2 | |
| Nagios Nagios | =2.10 | |
| Nagios Nagios | =1.2 | |
| Nagios Nagios | =3.0-beta7 | |
| Nagios Nagios | =3.0-rc2 | |
| Nagios Nagios | =1.0b5 | |
| op5 Monitor | =3.3.3 | |
| Nagios Nagios | =1.0_b3 | |
| Nagios Nagios | =2.0b1 | |
| op5 Monitor | =2.6 | |
| Nagios Nagios | =3.0 | |
| Nagios Nagios | =2.0 | |
| Nagios Nagios | =1.4 | |
| Nagios Nagios | =3.0-alpha1 | |
| Nagios Nagios | =1.4.1 | |
| Nagios Nagios | =3.0-beta6 | |
| Nagios Nagios | =2.0b3 | |
| Nagios Nagios | =1.3 | |
| Nagios Nagios | =2.11 | |
| Nagios Nagios | =3.0-alpha4 | |
| op5 Monitor | =3.0.0 | |
| Nagios Nagios | =2.0rc1 | |
| Nagios Nagios | =3.0-beta1 | |
| Nagios Nagios | =1.0_b1 | |
| Nagios Nagios | =2.3 | |
| Nagios Nagios | =1.0b1 | |
| Nagios Nagios | =3.0-beta3 | |
| Nagios Nagios | =3.0.3 | |
| op5 Monitor | =3.3.2 | |
| Nagios Nagios | =1.0b2 | |
| Nagios Nagios | =2.9 | |
| Nagios Nagios | =1.0_b2 | |
| Nagios Nagios | =2.0rc2 | |
| op5 Monitor | =2.4 | |
| op5 Monitor | =3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/32156
- http://sourceforge.net/mailarchive/forum.php?thread_name=4914396D.5010009%40op5.se&forum_name=nagios-devel
- http://www.openwall.com/lists/oss-security/2008/11/06/2
- http://www.nagios.org/development/history/nagios-3x.php
- http://www.op5.com/support/news/389-important-security-fix-available-for-op5-monitor
- http://secunia.com/advisories/33320
- http://www.ubuntu.com/usn/USN-698-1
- http://www.vupen.com/english/advisories/2008/3029
- http://www.vupen.com/english/advisories/2009/1256
- http://marc.info/?l=bugtraq&m=124156641928637&w=2
- http://secunia.com/advisories/35002
- http://www.securitytracker.com/id?1022165
- http://security.gentoo.org/glsa/glsa-200907-15.xml
- http://www.vupen.com/english/advisories/2008/3364
- https://www.ubuntu.com/usn/USN-698-3/
- collector/nvd-historical
- collector/nvd-index
- agent/references
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/remedy
- agent/event
- agent/weakness
- agent/type
- agent/severity
- agent/description
- agent/author
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/nagios
- canonical/nagios nagios
- version/nagios nagios/3.0-alpha3
- version/nagios nagios/2.0b5
- version/nagios nagios/2.7
- version/nagios nagios/2.4
- version/nagios nagios/3.0-rc3
- vendor/op5
- canonical/op5 monitor
- version/op5 monitor/4.0.0
- version/nagios nagios/3.0-beta4
- version/nagios nagios/2.0b6
- version/nagios nagios/1.0b3
- version/nagios nagios/1.1
- version/nagios nagios/3.0-alpha2
- version/nagios nagios/2.1
- version/op5 monitor/3.3.1
- version/nagios nagios/1.0b6
- version/nagios nagios/3.0.1
- version/nagios nagios/1.0
- version/nagios nagios/2.3.1
- version/nagios nagios/3.0-beta5
- version/nagios nagios/2.2
- version/nagios nagios/3.0-rc1
- version/op5 monitor/3.2
- version/nagios nagios/2.0b2
- version/op5 monitor/2.8
- version/op5 monitor/3.2.4
- version/nagios nagios/1.0b4
- version/nagios nagios/3.0.2
- version/nagios nagios/2.5
- version/nagios nagios/2.0b4
- version/nagios nagios/2.8
- version/nagios nagios/3.0.4
- version/nagios nagios/3.0-beta2
- version/nagios nagios/2.10
- version/nagios nagios/1.2
- version/nagios nagios/3.0-beta7
- version/nagios nagios/3.0-rc2
- version/nagios nagios/1.0b5
- version/op5 monitor/3.3.3
- version/nagios nagios/1.0_b3
- version/nagios nagios/2.0b1
- version/op5 monitor/2.6
- version/nagios nagios/3.0
- version/nagios nagios/2.0
- version/nagios nagios/1.4
- version/nagios nagios/3.0-alpha1
- version/nagios nagios/1.4.1
- version/nagios nagios/3.0-beta6
- version/nagios nagios/2.0b3
- version/nagios nagios/1.3
- version/nagios nagios/2.11
- version/nagios nagios/3.0-alpha4
- version/op5 monitor/3.0.0
- version/nagios nagios/2.0rc1
- version/nagios nagios/3.0-beta1
- version/nagios nagios/1.0_b1
- version/nagios nagios/2.3
- version/nagios nagios/1.0b1
- version/nagios nagios/3.0-beta3
- version/nagios nagios/3.0.3
- version/op5 monitor/3.3.2
- version/nagios nagios/1.0b2
- version/nagios nagios/2.9
- version/nagios nagios/1.0_b2
- version/nagios nagios/2.0rc2
- version/op5 monitor/2.4
- version/op5 monitor/3.0