CVE-2008-5027

Severity

65%

Complexity

80%

Confidentiality

106%

The Nagios process in (1) Nagios before 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote authenticated users to bypass authorization checks, and trigger execution of arbitrary programs by this process, via an (a) custom form or a (b) browser addon.

The Nagios process in (1) Nagios before 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote authenticated users to bypass authorization checks, and trigger execution of arbitrary programs by this process, via an (a) custom form or a (b) browser addon.

CVSS 2.0 Base Score 6.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P).

Overview

First reported 16 years ago

2008-11-10 15:23:00

Last updated 8 years ago

2016-12-08 03:01:00

Affected Software

Nagios 3.0

3.0

Nagios 3.0 alpha1

3.0

Nagios 3.0 alpha2

3.0

Nagios 3.0 alpha3

3.0

Nagios 3.0 alpha4

3.0

Nagios 3.0 beta1

3.0

Nagios 3.0 beta2

3.0

Nagios 3.0 beta3

3.0

Nagios 3.0 beta4

3.0

Nagios 3.0 beta5

3.0

Nagios 3.0 beta6

3.0

Nagios 3.0 beta7

3.0

Nagios 3.0 release candidate 1

3.0

Nagios 3.0.release candidate 2

3.0

Nagios 3.0 release candidate 3

3.0

Nagios 3.0.1

3.0.1

Nagios 3.0.2

3.0.2

Nagios 3.0.3

3.0.3

References

SSRT090060

33320

35002

GLSA-200907-15

[nagios-devel] 20081107 Security fixes completed

Patch, Vendor Advisory

http://www.nagios.org/development/history/nagios-3x.php

Patch

http://www.op5.com/support/news/389-important-security-fix-available-for-op5-monitor

Vendor Advisory

[oss-security] 20081106 CVE request: Nagios (two issues)

32156

Patch

1022165

USN-698-1

ADV-2008-3029

ADV-2008-3364

ADV-2009-1256

USN-698-3

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.