Ubuntu Security Notice (C) 2008-2013 Canonical, Inc. / NASL script (C) 2009-2013 Tenable Network Security, Inc.
The remote Ubuntu host is missing one or more security-related patches.
It was discovered that Nagios was vulnerable to cross-site request
forgery (CSRF). If an authenticated Nagios user were
tricked into clicking a link on a specially crafted web page, an
attacker could trigger commands to be processed by Nagios and execute
arbitrary programs. This update alters Nagios behaviour by disabling
submission of CMD_CHANGE commands. (CVE-2008-5028)
It was discovered that Nagios did not properly parse commands
submitted using the web interface. An authenticated user could use a
custom form or a browser addon to bypass security restrictions and
submit unauthorized commands. (CVE-2008-5027)
Update the affected packages.
Risk factor: Medium / CVSS Base Score: 6.8