Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.8
CVE Id CVE-2008-5028
Last Modified 13 Aug 2009 01:27:23
Published 10 Nov 2008 10:23:29
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-5028

Summary

Cross-site request forgery (CSRF) vulnerability in cmd.cgi in (1) Nagios 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote attackers to send commands to the Nagios process, and trigger execution of arbitrary programs by this process, via unspecified HTTP requests.

Vulnerable Systems

Application

  • Nagios 1.0

  • Nagios 1.0 B1

  • Nagios 1.0 B2

  • Nagios 1.0 B3

  • Nagios 1.0b1

  • Nagios 1.0b2

  • Nagios 1.0b3

  • Nagios 1.0b4

  • Nagios 1.0b5

  • Nagios 1.0b6

  • Nagios 1.1

  • Nagios 1.2

  • Nagios 1.3

  • Nagios 1.4

  • Nagios 1.4.1

  • Nagios 2.0

  • Nagios 2.0b1

  • Nagios 2.0b2

  • Nagios 2.0b3

  • Nagios 2.0b4

  • Nagios 2.0b5

  • Nagios 2.0b6

  • Nagios 2.0rc1

  • Nagios 2.0rc2

  • Nagios 2.1

  • Nagios 2.10

  • Nagios 2.11

  • Nagios 2.2

  • Nagios 2.3

  • Nagios 2.3.1

  • Nagios 2.4

  • Nagios 2.5

  • Nagios 2.7

  • Nagios 2.8

  • Nagios 2.9

  • Nagios 3.0

  • Nagios 3.0.1

  • Nagios 3.0.2

  • Nagios 3.0.3

  • Nagios 3.0.4

  • Op5 Monitor 2.4

  • Op5 Monitor 2.6

  • Op5 Monitor 2.8

  • Op5 Monitor 3.0

  • Op5 Monitor 3.0.0

  • Op5 Monitor 3.2

  • Op5 Monitor 3.2.4

  • Op5 Monitor 3.3.1

  • Op5 Monitor 3.3.2

  • Op5 Monitor 3.3.3

  • Op5 Monitor 4.0.0


References

CONFIRM - http://www.op5.com/support/news/389-important-security-fix-available-for-op5-monitor

MLIST - [nagios-devel] 20081107 Security fixes completed

UBUNTU - USN-698-3

XF - op5monitor-unspecified-csrf(46521)

XF - nagios-cmd-csrf(46426)

VUPEN - ADV-2009-1256

VUPEN - ADV-2008-3029

SECTRACK - 1022165

MLIST - [oss-security] 20081106 CVE request: Nagios (two issues)

GENTOO - GLSA-200907-15

SECUNIA - 35002

SECUNIA - 33320

SECUNIA - 32630

SECUNIA - 32610

OSVDB - 49678

HP - SSRT090060

CONFIRM - http://git.op5.org/git/?p=nagios.git;a=commit;h=814d8d4d1a73f7151eeed187c0667585d79fea18

HP - HPSBMA02419


Last Updated: 27 May 2016 11:02:32