GLSA-201401-03 : Nagstamon: Information disclosure
Medium Nessus Plugin ID 71810
SynopsisThe remote Gentoo host is missing one or more security-related patches.
DescriptionThe remote host is affected by the vulnerability described in GLSA-201401-03 (Nagstamon: Information disclosure)
Nagstamon’s automatic request to check for updates includes plaintext username and password information for one of the monitor servers that the Nagstamon instance connects to.
A remote attacker could eavesdrop on this request and gain user credentials for a monitor server.
There is no known workaround at this time.
SolutionAll Nagstamon users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=net-analyzer/nagstamon-0.9.11_rc1'