Detections
Analytics
Debian DSA-1883-1 : nagios2 - missing input sanitising
medium Nessus Plugin ID 44748
Language:
Synopsis
The remote Debian host is missing a security-related update.Description
Several vulnerabilities have been found in nagios2, a host/service/network monitoring and management system. The Common Vulnerabilities and Exposures project identifies the following problems :Several cross-site scripting issues via several parameters were discovered in the CGI scripts, allowing attackers to inject arbitrary HTML code. In order to cover the different attack vectors, these issues have been assigned CVE-2007-5624, CVE-2007-5803 and CVE-2008-1360.
Solution
Upgrade the nagios2 packages.For the oldstable distribution (etch), these problems have been fixed in version 2.6-2+etch4.
The stable distribution (lenny) does not include nagios2, and nagios3 is not affected by these problems.
See Also
https://security-tracker.debian.org/tracker/CVE-2008-1360
https://www.debian.org/security/2009/dsa-1883
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=448371
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=482445
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=485439
Plugin Details
Severity: Medium
ID: 44748
File Name: debian_DSA-1883.nasl
Version: 1.10
Type: local
Agent: unix
Family: Debian Local Security Checks
Published: 2/24/2010
Updated: 1/4/2021
Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.8
CVSS v2
Risk Factor: Medium
Base Score: 4.3
Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N
Vulnerability Information
CPE: p-cpe:/a:debian:debian_linux:nagios2, cpe:/o:debian:debian_linux:4.0
Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l
Patch Publication Date: 9/10/2009
Reference Information
CVE: CVE-2007-5624, CVE-2007-5803, CVE-2008-1360
CWE: 79
DSA: 1883