FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2008-5027

This CVE name corresponds to:

Entered Topic
2009-01-12 nagios -- web interface privilege escalation vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2008-5027
Phase Assigned (20081110)

Description

The Nagios process in (1) Nagios before 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote authenticated users to bypass authorization checks, and trigger execution of arbitrary programs by this process, via (a) a custom form or (b) a browser addon.

References

Source Reference
MLIST [nagios-devel] 20081107 Security fixes completed
MLIST [oss-security] 20081106 CVE request: Nagios (two issues)
MISC http://www.nagios.org/development/history/nagios-3x.php
CONFIRM http://www.op5.com/support/news/389-important-security-fix-available-for-op5-monitor
GENTOO GLSA-200907-15
HP HPSBMA02419
HP SSRT090060
UBUNTU USN-698-3
UBUNTU USN-698-1
BID 32156
SECTRACK 1022165
SECUNIA 35002
VUPEN ADV-2008-3364
SECUNIA 33320
VUPEN ADV-2008-3029
VUPEN ADV-2009-1256