Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-5027

Overview

Vulnerability Score 6.5 6.5
CVE Id CVE-2008-5027
Last Modified 07 Mar 2011 10:13:44
Published 10 Nov 2008 10:23:29
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2008-5027

Summary

The Nagios process in (1) Nagios before 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote authenticated users to bypass authorization checks, and trigger execution of arbitrary programs by this process, via an (a) custom form or a (b) browser addon.

Vulnerable Systems

Application

  • Nagios 1.0

  • Nagios 1.0 B1

  • Nagios 1.0 B2

  • Nagios 1.0 B3

  • Nagios 1.0b1

  • Nagios 1.0b2

  • Nagios 1.0b3

  • Nagios 1.0b4

  • Nagios 1.0b5

  • Nagios 1.0b6

  • Nagios 1.1

  • Nagios 1.2

  • Nagios 1.3

  • Nagios 1.4

  • Nagios 1.4.1

  • Nagios 2.0

  • Nagios 2.0b1

  • Nagios 2.0b2

  • Nagios 2.0b3

  • Nagios 2.0b4

  • Nagios 2.0b5

  • Nagios 2.0b6

  • Nagios 2.0rc1

  • Nagios 2.0rc2

  • Nagios 2.1

  • Nagios 2.10

  • Nagios 2.11

  • Nagios 2.2

  • Nagios 2.3

  • Nagios 2.3.1

  • Nagios 2.4

  • Nagios 2.5

  • Nagios 2.7

  • Nagios 2.8

  • Nagios 2.9

  • Nagios 3.0

  • Nagios 3.0.1

  • Nagios 3.0.2

  • Nagios 3.0.3

  • Nagios 3.0.4

  • Op5 Monitor 2.4

  • Op5 Monitor 2.6

  • Op5 Monitor 2.8

  • Op5 Monitor 3.0

  • Op5 Monitor 3.0.0

  • Op5 Monitor 3.2

  • Op5 Monitor 3.2.4

  • Op5 Monitor 3.3.1

  • Op5 Monitor 3.3.2

  • Op5 Monitor 3.3.3

  • Op5 Monitor 4.0.0


References

BID - 32156

MISC - http://www.nagios.org/development/history/nagios-3x.php

MLIST - [nagios-devel] 20081107 Security fixes completed

UBUNTU - USN-698-3

VUPEN - ADV-2009-1256

VUPEN - ADV-2008-3364

VUPEN - ADV-2008-3029

UBUNTU - USN-698-1

SECTRACK - 1022165

MLIST - [oss-security] 20081106 CVE request: Nagios (two issues)

CONFIRM - http://www.op5.com/support/news/389-important-security-fix-available-for-op5-monitor

GENTOO - GLSA-200907-15

SECUNIA - 35002

SECUNIA - 33320

HP - SSRT090060

HP - HPSBMA02419


Last Updated: 27 May 2016 11:02:32