CVE-2008-5027
First published: Mon Nov 10 2008(Updated: )
The Nagios process in (1) Nagios before 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote authenticated users to bypass authorization checks, and trigger execution of arbitrary programs by this process, via an (a) custom form or a (b) browser addon.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Nagios Plugins | =3.0-alpha3 | |
| Nagios Plugins | =2.0b5 | |
| Nagios Plugins | =2.7 | |
| Nagios Plugins | =2.4 | |
| Nagios Plugins | =3.0-rc3 | |
| op5 Monitor | <=4.0.0 | |
| Nagios Plugins | =3.0-beta4 | |
| Nagios Plugins | =2.0b6 | |
| Nagios Plugins | =1.0b3 | |
| Nagios Plugins | =1.1 | |
| Nagios Plugins | =3.0-alpha2 | |
| Nagios Plugins | =2.1 | |
| op5 Monitor | =3.3.1 | |
| Nagios Plugins | =1.0b6 | |
| Nagios Plugins | =3.0.1 | |
| Nagios Plugins | =1.0 | |
| Nagios Plugins | =2.3.1 | |
| Nagios Plugins | =3.0-beta5 | |
| Nagios Plugins | =2.2 | |
| Nagios Plugins | =3.0-rc1 | |
| op5 Monitor | =3.2 | |
| Nagios Plugins | =2.0b2 | |
| op5 Monitor | =2.8 | |
| op5 Monitor | =3.2.4 | |
| Nagios Plugins | =1.0b4 | |
| Nagios Plugins | =3.0.2 | |
| Nagios Plugins | =2.5 | |
| Nagios Plugins | =2.0b4 | |
| Nagios Plugins | =2.8 | |
| Nagios Plugins | <=3.0.4 | |
| Nagios Plugins | =3.0-beta2 | |
| Nagios Plugins | =2.10 | |
| Nagios Plugins | =1.2 | |
| Nagios Plugins | =3.0-beta7 | |
| Nagios Plugins | =3.0-rc2 | |
| Nagios Plugins | =1.0b5 | |
| op5 Monitor | =3.3.3 | |
| Nagios Plugins | =1.0_b3 | |
| Nagios Plugins | =2.0b1 | |
| op5 Monitor | =2.6 | |
| Nagios Plugins | =3.0 | |
| Nagios Plugins | =2.0 | |
| Nagios Plugins | =1.4 | |
| Nagios Plugins | =3.0-alpha1 | |
| Nagios Plugins | =1.4.1 | |
| Nagios Plugins | =3.0-beta6 | |
| Nagios Plugins | =2.0b3 | |
| Nagios Plugins | =1.3 | |
| Nagios Plugins | =2.11 | |
| Nagios Plugins | =3.0-alpha4 | |
| op5 Monitor | =3.0.0 | |
| Nagios Plugins | =2.0rc1 | |
| Nagios Plugins | =3.0-beta1 | |
| Nagios Plugins | =1.0_b1 | |
| Nagios Plugins | =2.3 | |
| Nagios Plugins | =1.0b1 | |
| Nagios Plugins | =3.0-beta3 | |
| Nagios Plugins | =3.0.3 | |
| op5 Monitor | =3.3.2 | |
| Nagios Plugins | =1.0b2 | |
| Nagios Plugins | =2.9 | |
| Nagios Plugins | =1.0_b2 | |
| Nagios Plugins | =2.0rc2 | |
| op5 Monitor | =2.4 | |
| op5 Monitor | =3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/32156
- http://sourceforge.net/mailarchive/forum.php?thread_name=4914396D.5010009%40op5.se&forum_name=nagios-devel
- http://www.openwall.com/lists/oss-security/2008/11/06/2
- http://www.nagios.org/development/history/nagios-3x.php
- http://www.op5.com/support/news/389-important-security-fix-available-for-op5-monitor
- http://secunia.com/advisories/33320
- http://www.ubuntu.com/usn/USN-698-1
- http://www.vupen.com/english/advisories/2008/3029
- http://www.vupen.com/english/advisories/2009/1256
- http://marc.info/?l=bugtraq&m=124156641928637&w=2
- http://secunia.com/advisories/35002
- http://www.securitytracker.com/id?1022165
- http://security.gentoo.org/glsa/glsa-200907-15.xml
- http://www.vupen.com/english/advisories/2008/3364
- https://www.ubuntu.com/usn/USN-698-3/
Frequently Asked Questions
What is the severity of CVE-2008-5027?
CVE-2008-5027 is considered a medium severity vulnerability impacting Nagios and op5 Monitor versions before specified patched releases.
How do I fix CVE-2008-5027?
To fix CVE-2008-5027, upgrade Nagios to version 3.0.5 or later and op5 Monitor to version 4.0.1 or later.
Who is affected by CVE-2008-5027?
CVE-2008-5027 affects remote authenticated users of Nagios versions before 3.0.5 and op5 Monitor versions before 4.0.1.
What kind of impact does CVE-2008-5027 have?
CVE-2008-5027 allows remote authenticated users to bypass authorization checks and execute arbitrary programs.
Is there a workaround for CVE-2008-5027?
There are no specific workarounds for CVE-2008-5027; the best mitigation is to apply the available updates.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/remedy
- agent/references
- agent/event
- agent/first-publish-date
- agent/description
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/nagios
- canonical/nagios plugins
- version/nagios plugins/3.0-alpha3
- version/nagios plugins/2.0b5
- version/nagios plugins/2.7
- version/nagios plugins/2.4
- version/nagios plugins/3.0-rc3
- vendor/op5
- canonical/op5 monitor
- version/op5 monitor/4.0.0
- version/nagios plugins/3.0-beta4
- version/nagios plugins/2.0b6
- version/nagios plugins/1.0b3
- version/nagios plugins/1.1
- version/nagios plugins/3.0-alpha2
- version/nagios plugins/2.1
- version/op5 monitor/3.3.1
- version/nagios plugins/1.0b6
- version/nagios plugins/3.0.1
- version/nagios plugins/1.0
- version/nagios plugins/2.3.1
- version/nagios plugins/3.0-beta5
- version/nagios plugins/2.2
- version/nagios plugins/3.0-rc1
- version/op5 monitor/3.2
- version/nagios plugins/2.0b2
- version/op5 monitor/2.8
- version/op5 monitor/3.2.4
- version/nagios plugins/1.0b4
- version/nagios plugins/3.0.2
- version/nagios plugins/2.5
- version/nagios plugins/2.0b4
- version/nagios plugins/2.8
- version/nagios plugins/3.0.4
- version/nagios plugins/3.0-beta2
- version/nagios plugins/2.10
- version/nagios plugins/1.2
- version/nagios plugins/3.0-beta7
- version/nagios plugins/3.0-rc2
- version/nagios plugins/1.0b5
- version/op5 monitor/3.3.3
- version/nagios plugins/1.0_b3
- version/nagios plugins/2.0b1
- version/op5 monitor/2.6
- version/nagios plugins/3.0
- version/nagios plugins/2.0
- version/nagios plugins/1.4
- version/nagios plugins/3.0-alpha1
- version/nagios plugins/1.4.1
- version/nagios plugins/3.0-beta6
- version/nagios plugins/2.0b3
- version/nagios plugins/1.3
- version/nagios plugins/2.11
- version/nagios plugins/3.0-alpha4
- version/op5 monitor/3.0.0
- version/nagios plugins/2.0rc1
- version/nagios plugins/3.0-beta1
- version/nagios plugins/1.0_b1
- version/nagios plugins/2.3
- version/nagios plugins/1.0b1
- version/nagios plugins/3.0-beta3
- version/nagios plugins/3.0.3
- version/op5 monitor/3.3.2
- version/nagios plugins/1.0b2
- version/nagios plugins/2.9
- version/nagios plugins/1.0_b2
- version/nagios plugins/2.0rc2
- version/op5 monitor/2.4
- version/op5 monitor/3.0