CVE-2008-5027

The Nagios process in (1) Nagios before 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote authenticated users to bypass authorization checks, and trigger execution of arbitrary programs by this process, via an (a) custom form or a (b) browser addon.
References
Link Resource
http://marc.info/?l=bugtraq&m=124156641928637&w=2
http://marc.info/?l=bugtraq&m=124156641928637&w=2
http://secunia.com/advisories/33320
http://secunia.com/advisories/35002
http://security.gentoo.org/glsa/glsa-200907-15.xml
http://sourceforge.net/mailarchive/forum.php?thread_name=4914396D.5010009%40op5.se&forum_name=nagios-devel Patch Vendor Advisory
http://www.nagios.org/development/history/nagios-3x.php Patch
http://www.op5.com/support/news/389-important-security-fix-available-for-op5-monitor Vendor Advisory
http://www.openwall.com/lists/oss-security/2008/11/06/2
http://www.securityfocus.com/bid/32156 Patch
http://www.securitytracker.com/id?1022165
http://www.ubuntu.com/usn/USN-698-1
http://www.vupen.com/english/advisories/2008/3029
http://www.vupen.com/english/advisories/2008/3364
http://www.vupen.com/english/advisories/2009/1256
https://www.ubuntu.com/usn/USN-698-3/
http://marc.info/?l=bugtraq&m=124156641928637&w=2
http://marc.info/?l=bugtraq&m=124156641928637&w=2
http://secunia.com/advisories/33320
http://secunia.com/advisories/35002
http://security.gentoo.org/glsa/glsa-200907-15.xml
http://sourceforge.net/mailarchive/forum.php?thread_name=4914396D.5010009%40op5.se&forum_name=nagios-devel Patch Vendor Advisory
http://www.nagios.org/development/history/nagios-3x.php Patch
http://www.op5.com/support/news/389-important-security-fix-available-for-op5-monitor Vendor Advisory
http://www.openwall.com/lists/oss-security/2008/11/06/2
http://www.securityfocus.com/bid/32156 Patch
http://www.securitytracker.com/id?1022165
http://www.ubuntu.com/usn/USN-698-1
http://www.vupen.com/english/advisories/2008/3029
http://www.vupen.com/english/advisories/2008/3364
http://www.vupen.com/english/advisories/2009/1256
https://www.ubuntu.com/usn/USN-698-3/
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:nagios:nagios:*:*:*:*:*:*:*:*
cpe:2.3:a:nagios:nagios:1.0:*:*:*:*:*:*:*
cpe:2.3:a:nagios:nagios:1.0_b1:*:*:*:*:*:*:*
cpe:2.3:a:nagios:nagios:1.0_b2:*:*:*:*:*:*:*
cpe:2.3:a:nagios:nagios:1.0_b3:*:*:*:*:*:*:*
cpe:2.3:a:nagios:nagios:1.0b1:*:*:*:*:*:*:*
cpe:2.3:a:nagios:nagios:1.0b2:*:*:*:*:*:*:*
cpe:2.3:a:nagios:nagios:1.0b3:*:*:*:*:*:*:*
cpe:2.3:a:nagios:nagios:1.0b4:*:*:*:*:*:*:*
cpe:2.3:a:nagios:nagios:1.0b5:*:*:*:*:*:*:*
cpe:2.3:a:nagios:nagios:1.0b6:*:*:*:*:*:*:*
cpe:2.3:a:nagios:nagios:1.1:*:*:*:*:*:*:*
cpe:2.3:a:nagios:nagios:1.2:*:*:*:*:*:*:*
cpe:2.3:a:nagios:nagios:1.3:*:*:*:*:*:*:*
cpe:2.3:a:nagios:nagios:1.4:*:*:*:*:*:*:*
cpe:2.3:a:nagios:nagios:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:nagios:nagios:2.0:*:*:*:*:*:*:*
cpe:2.3:a:nagios:nagios:2.0b1:*:*:*:*:*:*:*
cpe:2.3:a:nagios:nagios:2.0b2:*:*:*:*:*:*:*
cpe:2.3:a:nagios:nagios:2.0b3:*:*:*:*:*:*:*
cpe:2.3:a:nagios:nagios:2.0b4:*:*:*:*:*:*:*
cpe:2.3:a:nagios:nagios:2.0b5:*:*:*:*:*:*:*
cpe:2.3:a:nagios:nagios:2.0b6:*:*:*:*:*:*:*
cpe:2.3:a:nagios:nagios:2.0rc1:*:*:*:*:*:*:*
cpe:2.3:a:nagios:nagios:2.0rc2:*:*:*:*:*:*:*
cpe:2.3:a:nagios:nagios:2.1:*:*:*:*:*:*:*
cpe:2.3:a:nagios:nagios:2.2:*:*:*:*:*:*:*
cpe:2.3:a:nagios:nagios:2.3:*:*:*:*:*:*:*
cpe:2.3:a:nagios:nagios:2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:nagios:nagios:2.4:*:*:*:*:*:*:*
cpe:2.3:a:nagios:nagios:2.5:*:*:*:*:*:*:*
cpe:2.3:a:nagios:nagios:2.7:*:*:*:*:*:*:*
cpe:2.3:a:nagios:nagios:2.8:*:*:*:*:*:*:*
cpe:2.3:a:nagios:nagios:2.9:*:*:*:*:*:*:*
cpe:2.3:a:nagios:nagios:2.10:*:*:*:*:*:*:*
cpe:2.3:a:nagios:nagios:2.11:*:*:*:*:*:*:*
cpe:2.3:a:nagios:nagios:3.0:*:*:*:*:*:*:*
cpe:2.3:a:nagios:nagios:3.0:alpha1:*:*:*:*:*:*
cpe:2.3:a:nagios:nagios:3.0:alpha2:*:*:*:*:*:*
cpe:2.3:a:nagios:nagios:3.0:alpha3:*:*:*:*:*:*
cpe:2.3:a:nagios:nagios:3.0:alpha4:*:*:*:*:*:*
cpe:2.3:a:nagios:nagios:3.0:beta1:*:*:*:*:*:*
cpe:2.3:a:nagios:nagios:3.0:beta2:*:*:*:*:*:*
cpe:2.3:a:nagios:nagios:3.0:beta3:*:*:*:*:*:*
cpe:2.3:a:nagios:nagios:3.0:beta4:*:*:*:*:*:*
cpe:2.3:a:nagios:nagios:3.0:beta5:*:*:*:*:*:*
cpe:2.3:a:nagios:nagios:3.0:beta6:*:*:*:*:*:*
cpe:2.3:a:nagios:nagios:3.0:beta7:*:*:*:*:*:*
cpe:2.3:a:nagios:nagios:3.0:rc1:*:*:*:*:*:*
cpe:2.3:a:nagios:nagios:3.0:rc2:*:*:*:*:*:*
cpe:2.3:a:nagios:nagios:3.0:rc3:*:*:*:*:*:*
cpe:2.3:a:nagios:nagios:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:nagios:nagios:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:nagios:nagios:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:op5:monitor:*:*:*:*:*:*:*:*
cpe:2.3:a:op5:monitor:2.4:*:*:*:*:*:*:*
cpe:2.3:a:op5:monitor:2.6:*:*:*:*:*:*:*
cpe:2.3:a:op5:monitor:2.8:*:*:*:*:*:*:*
cpe:2.3:a:op5:monitor:3.0:*:*:*:*:*:*:*
cpe:2.3:a:op5:monitor:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:op5:monitor:3.2:*:*:*:*:*:*:*
cpe:2.3:a:op5:monitor:3.2.4:*:*:*:*:*:*:*
cpe:2.3:a:op5:monitor:3.3.1:*:*:*:*:*:*:*
cpe:2.3:a:op5:monitor:3.3.2:*:*:*:*:*:*:*
cpe:2.3:a:op5:monitor:3.3.3:*:*:*:*:*:*:*

History

21 Nov 2024, 00:53

Type Values Removed Values Added
References () http://marc.info/?l=bugtraq&m=124156641928637&w=2 - () http://marc.info/?l=bugtraq&m=124156641928637&w=2 -
References () http://secunia.com/advisories/33320 - () http://secunia.com/advisories/33320 -
References () http://secunia.com/advisories/35002 - () http://secunia.com/advisories/35002 -
References () http://security.gentoo.org/glsa/glsa-200907-15.xml - () http://security.gentoo.org/glsa/glsa-200907-15.xml -
References () http://sourceforge.net/mailarchive/forum.php?thread_name=4914396D.5010009%40op5.se&forum_name=nagios-devel - Patch, Vendor Advisory () http://sourceforge.net/mailarchive/forum.php?thread_name=4914396D.5010009%40op5.se&forum_name=nagios-devel - Patch, Vendor Advisory
References () http://www.nagios.org/development/history/nagios-3x.php - Patch () http://www.nagios.org/development/history/nagios-3x.php - Patch
References () http://www.op5.com/support/news/389-important-security-fix-available-for-op5-monitor - Vendor Advisory () http://www.op5.com/support/news/389-important-security-fix-available-for-op5-monitor - Vendor Advisory
References () http://www.openwall.com/lists/oss-security/2008/11/06/2 - () http://www.openwall.com/lists/oss-security/2008/11/06/2 -
References () http://www.securityfocus.com/bid/32156 - Patch () http://www.securityfocus.com/bid/32156 - Patch
References () http://www.securitytracker.com/id?1022165 - () http://www.securitytracker.com/id?1022165 -
References () http://www.ubuntu.com/usn/USN-698-1 - () http://www.ubuntu.com/usn/USN-698-1 -
References () http://www.vupen.com/english/advisories/2008/3029 - () http://www.vupen.com/english/advisories/2008/3029 -
References () http://www.vupen.com/english/advisories/2008/3364 - () http://www.vupen.com/english/advisories/2008/3364 -
References () http://www.vupen.com/english/advisories/2009/1256 - () http://www.vupen.com/english/advisories/2009/1256 -
References () https://www.ubuntu.com/usn/USN-698-3/ - () https://www.ubuntu.com/usn/USN-698-3/ -

Information

Published : 2008-11-10 15:23

Updated : 2024-11-21 00:53


NVD link : CVE-2008-5027

Mitre link : CVE-2008-5027

CVE.ORG link : CVE-2008-5027


JSON object : View

Products Affected

nagios

  • nagios

op5

  • monitor
CWE
CWE-264

Permissions, Privileges, and Access Controls