FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

nagios -- web interface privilege escalation vulnerability

Affected packages
nagios < 3.0.5
nagios2 < 2.12_2

Details

VuXML ID d4a358d3-e09a-11dd-a765-0030843d3802
Discovery 2008-11-06
Entry 2009-01-12
Modified 2009-01-15

securityfocus reports:

An attacker with low-level privileges may exploit this issue to bypass authorization and cause arbitrary commands to run within the context of the Nagios server. This may aid in further attacks.

References

Bugtraq ID 32156
CVE Name CVE-2008-5027
URL http://secunia.com/advisories/33320
URL http://www.nagios.org/development/history/nagios-3x.php
URL http://www.ubuntu.com/usn/USN-698-1