CVE-2008-5028: CSRF
First published: Mon Nov 10 2008(Updated: )
Cross-site request forgery (CSRF) vulnerability in cmd.cgi in (1) Nagios 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote attackers to send commands to the Nagios process, and trigger execution of arbitrary programs by this process, via unspecified HTTP requests.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Nagios Plugins | =3.0-alpha3 | |
| Nagios Plugins | =2.0b5 | |
| Nagios Plugins | =2.7 | |
| Nagios Plugins | =2.4 | |
| Nagios Plugins | =3.0-rc3 | |
| op5 Monitor | <=4.0.0 | |
| Nagios Plugins | =3.0-beta4 | |
| Nagios Plugins | =2.0b6 | |
| Nagios Plugins | =1.0b3 | |
| Nagios Plugins | =1.1 | |
| Nagios Plugins | =3.0-alpha2 | |
| Nagios Plugins | =2.1 | |
| op5 Monitor | =3.3.1 | |
| Nagios Plugins | =1.0b6 | |
| Nagios Plugins | =3.0.1 | |
| Nagios Plugins | =1.0 | |
| Nagios Plugins | =2.3.1 | |
| Nagios Plugins | =3.0-beta5 | |
| Nagios Plugins | =2.2 | |
| Nagios Plugins | =3.0-rc1 | |
| op5 Monitor | =3.2 | |
| Nagios Plugins | =2.0b2 | |
| op5 Monitor | =2.8 | |
| op5 Monitor | =3.2.4 | |
| Nagios Plugins | =1.0b4 | |
| Nagios Plugins | =3.0.2 | |
| Nagios Plugins | =2.5 | |
| Nagios Plugins | =2.0b4 | |
| Nagios Plugins | =2.8 | |
| Nagios Plugins | <=3.0.4 | |
| Nagios Plugins | =3.0-beta2 | |
| Nagios Plugins | =2.10 | |
| Nagios Plugins | =1.2 | |
| Nagios Plugins | =3.0-beta7 | |
| Nagios Plugins | =3.0-rc2 | |
| Nagios Plugins | =1.0b5 | |
| op5 Monitor | =3.3.3 | |
| Nagios Plugins | =1.0_b3 | |
| Nagios Plugins | =2.0b1 | |
| op5 Monitor | =2.6 | |
| Nagios Plugins | =3.0 | |
| Nagios Plugins | =2.0 | |
| Nagios Plugins | =1.4 | |
| Nagios Plugins | =3.0-alpha1 | |
| Nagios Plugins | =1.4.1 | |
| Nagios Plugins | =3.0-beta6 | |
| Nagios Plugins | =2.0b3 | |
| Nagios Plugins | =1.3 | |
| Nagios Plugins | =2.11 | |
| Nagios Plugins | =3.0-alpha4 | |
| op5 Monitor | =3.0.0 | |
| Nagios Plugins | =2.0rc1 | |
| Nagios Plugins | =3.0-beta1 | |
| Nagios Plugins | =1.0_b1 | |
| Nagios Plugins | =2.3 | |
| Nagios Plugins | =1.0b1 | |
| Nagios Plugins | =3.0-beta3 | |
| Nagios Plugins | =3.0.3 | |
| op5 Monitor | =3.3.2 | |
| Nagios Plugins | =1.0b2 | |
| Nagios Plugins | =2.9 | |
| Nagios Plugins | =1.0_b2 | |
| Nagios Plugins | =2.0rc2 | |
| op5 Monitor | =2.4 | |
| op5 Monitor | =3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.openwall.com/lists/oss-security/2008/11/06/2
- http://www.op5.com/support/news/389-important-security-fix-available-for-op5-monitor
- http://secunia.com/advisories/32610
- http://git.op5.org/git/?p=nagios.git;a=commit;h=814d8d4d1a73f7151eeed187c0667585d79fea18
- http://sourceforge.net/mailarchive/forum.php?thread_name=4914396D.5010009%40op5.se&forum_name=nagios-devel
- http://secunia.com/advisories/33320
- http://www.vupen.com/english/advisories/2008/3029
- http://secunia.com/advisories/35002
- http://www.vupen.com/english/advisories/2009/1256
- http://marc.info/?l=bugtraq&m=124156641928637&w=2
- http://www.securitytracker.com/id?1022165
- http://security.gentoo.org/glsa/glsa-200907-15.xml
- http://secunia.com/advisories/32630
- http://osvdb.org/49678
- https://www.ubuntu.com/usn/USN-698-3/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46521
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46426
- http://git.op5.org/git/?p=nagios.git%3Ba=commit%3Bh=814d8d4d1a73f7151eeed187c0667585d79fea18
Frequently Asked Questions
What is the severity of CVE-2008-5028?
CVE-2008-5028 is classified as a medium severity vulnerability due to its ability to allow unauthorized command execution.
How do I fix CVE-2008-5028?
To fix CVE-2008-5028, update Nagios to version 3.0.6 or later and op5 Monitor to version 4.0.1 or later.
What systems are affected by CVE-2008-5028?
CVE-2008-5028 affects Nagios versions up to 3.0.5 and op5 Monitor versions prior to 4.0.1.
What type of vulnerability is CVE-2008-5028?
CVE-2008-5028 is a Cross-Site Request Forgery (CSRF) vulnerability.
What can attackers do with CVE-2008-5028?
Attackers can exploit CVE-2008-5028 to send commands that trigger the execution of arbitrary programs on the Nagios process.
- agent/references
- agent/type
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/description
- agent/source
- agent/weakness
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- collector/nvd-api
- agent/author
- vendor/nagios
- canonical/nagios plugins
- version/nagios plugins/3.0-alpha3
- version/nagios plugins/2.0b5
- version/nagios plugins/2.7
- version/nagios plugins/2.4
- version/nagios plugins/3.0-rc3
- vendor/op5
- canonical/op5 monitor
- version/op5 monitor/4.0.0
- version/nagios plugins/3.0-beta4
- version/nagios plugins/2.0b6
- version/nagios plugins/1.0b3
- version/nagios plugins/1.1
- version/nagios plugins/3.0-alpha2
- version/nagios plugins/2.1
- version/op5 monitor/3.3.1
- version/nagios plugins/1.0b6
- version/nagios plugins/3.0.1
- version/nagios plugins/1.0
- version/nagios plugins/2.3.1
- version/nagios plugins/3.0-beta5
- version/nagios plugins/2.2
- version/nagios plugins/3.0-rc1
- version/op5 monitor/3.2
- version/nagios plugins/2.0b2
- version/op5 monitor/2.8
- version/op5 monitor/3.2.4
- version/nagios plugins/1.0b4
- version/nagios plugins/3.0.2
- version/nagios plugins/2.5
- version/nagios plugins/2.0b4
- version/nagios plugins/2.8
- version/nagios plugins/3.0.4
- version/nagios plugins/3.0-beta2
- version/nagios plugins/2.10
- version/nagios plugins/1.2
- version/nagios plugins/3.0-beta7
- version/nagios plugins/3.0-rc2
- version/nagios plugins/1.0b5
- version/op5 monitor/3.3.3
- version/nagios plugins/1.0_b3
- version/nagios plugins/2.0b1
- version/op5 monitor/2.6
- version/nagios plugins/3.0
- version/nagios plugins/2.0
- version/nagios plugins/1.4
- version/nagios plugins/3.0-alpha1
- version/nagios plugins/1.4.1
- version/nagios plugins/3.0-beta6
- version/nagios plugins/2.0b3
- version/nagios plugins/1.3
- version/nagios plugins/2.11
- version/nagios plugins/3.0-alpha4
- version/op5 monitor/3.0.0
- version/nagios plugins/2.0rc1
- version/nagios plugins/3.0-beta1
- version/nagios plugins/1.0_b1
- version/nagios plugins/2.3
- version/nagios plugins/1.0b1
- version/nagios plugins/3.0-beta3
- version/nagios plugins/3.0.3
- version/op5 monitor/3.3.2
- version/nagios plugins/1.0b2
- version/nagios plugins/2.9
- version/nagios plugins/1.0_b2
- version/nagios plugins/2.0rc2
- version/op5 monitor/2.4
- version/op5 monitor/3.0