Ubuntu 8.04 LTS : nagios2 vulnerabilities (USN-698-3)

Ubuntu Security Notice (C) 2008-2013 Canonical, Inc. / NASL script (C) 2009-2013 Tenable Network Security, Inc.

Synopsis :

The remote Ubuntu host is missing one or more security-related patches.

Description :

It was discovered that Nagios was vulnerable to cross-site request
forgery (CSRF). If an authenticated Nagios user were
tricked into clicking a link on a specially crafted web page, an
attacker could trigger commands to be processed by Nagios and execute
arbitrary programs. This update alters Nagios behaviour by disabling
submission of CMD_CHANGE commands. (CVE-2008-5028)

It was discovered that Nagios did not properly parse commands
submitted using the web interface. An authenticated user could use a
custom form or a browser add-on to bypass security restrictions and
submit unauthorized commands. (CVE-2008-5027)

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.8

Family: Ubuntu Local Security Checks

Nessus Plugin ID: 37968

Bugtraq ID:

CVE ID: CVE-2008-5027