CVE-2008-5027

EUVD-2008-5006
The Nagios process in (1) Nagios before 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote authenticated users to bypass authorization checks, and trigger execution of arbitrary programs by this process, via an (a) custom form or a (b) browser addon.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 71%
Affected Products (NVD)
VendorProductVersion
nagiosnagios
𝑥
≤ 3.0.4
nagiosnagios
1.0
nagiosnagios
1.0_b1:_b1
nagiosnagios
1.0_b2:_b2
nagiosnagios
1.0_b3:_b3
nagiosnagios
1.0b1:b1
nagiosnagios
1.0b2:b2
nagiosnagios
1.0b3:b3
nagiosnagios
1.0b4:b4
nagiosnagios
1.0b5:b5
nagiosnagios
1.0b6:b6
nagiosnagios
1.1
nagiosnagios
1.2
nagiosnagios
1.3
nagiosnagios
1.4
nagiosnagios
1.4.1
nagiosnagios
2.0
nagiosnagios
2.0b1:b1
nagiosnagios
2.0b2:b2
nagiosnagios
2.0b3:b3
nagiosnagios
2.0b4:b4
nagiosnagios
2.0b5:b5
nagiosnagios
2.0b6:b6
nagiosnagios
2.0rc1:rc1
nagiosnagios
2.0rc2:rc2
nagiosnagios
2.1
nagiosnagios
2.2
nagiosnagios
2.3
nagiosnagios
2.3.1
nagiosnagios
2.4
nagiosnagios
2.5
nagiosnagios
2.7
nagiosnagios
2.8
nagiosnagios
2.9
nagiosnagios
2.10
nagiosnagios
2.11
nagiosnagios
3.0
nagiosnagios
3.0:alpha1
nagiosnagios
3.0:alpha2
nagiosnagios
3.0:alpha3
nagiosnagios
3.0:alpha4
nagiosnagios
3.0:beta1
nagiosnagios
3.0:beta2
nagiosnagios
3.0:beta3
nagiosnagios
3.0:beta4
nagiosnagios
3.0:beta5
nagiosnagios
3.0:beta6
nagiosnagios
3.0:beta7
nagiosnagios
3.0:rc1
nagiosnagios
3.0:rc2
nagiosnagios
3.0:rc3
nagiosnagios
3.0.1
nagiosnagios
3.0.2
nagiosnagios
3.0.3
op5monitor
𝑥
≤ 4.0.0
op5monitor
2.4
op5monitor
2.6
op5monitor
2.8
op5monitor
3.0
op5monitor
3.0.0
op5monitor
3.2
op5monitor
3.2.4
op5monitor
3.3.1
op5monitor
3.3.2
op5monitor
3.3.3
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
nagios
dapper
Fixed 2:1.3-cvs.20050402-8ubuntu8
released
gutsy
ignored
hardy
dne
intrepid
dne
nagios2
dapper
dne
gutsy
ignored
hardy
Fixed 2.11-1ubuntu1.4
released
intrepid
dne
nagios3
dapper
dne
gutsy
dne
hardy
dne
intrepid
Fixed 3.0.2-1ubuntu1.1
released
Common Weakness Enumeration
References
http://marc.info/?l=bugtraq&m=124156641928637&w=2
http://secunia.com/advisories/33320
http://secunia.com/advisories/35002
http://security.gentoo.org/glsa/glsa-200907-15.xml
http://sourceforge.net/mailarchive/forum.php?thread_name=4914396D.5010009%40op5.se&forum_name=nagios-devel
http://www.nagios.org/development/history/nagios-3x.php
http://www.op5.com/support/news/389-important-security-fix-available-for-op5-monitor
http://www.openwall.com/lists/oss-security/2008/11/06/2
http://www.securityfocus.com/bid/32156
http://www.securitytracker.com/id?1022165
http://www.ubuntu.com/usn/USN-698-1
http://www.vupen.com/english/advisories/2008/3029
http://www.vupen.com/english/advisories/2008/3364
http://www.vupen.com/english/advisories/2009/1256
https://www.ubuntu.com/usn/USN-698-3/
http://marc.info/?l=bugtraq&m=124156641928637&w=2
http://secunia.com/advisories/33320
http://secunia.com/advisories/35002
http://security.gentoo.org/glsa/glsa-200907-15.xml
http://sourceforge.net/mailarchive/forum.php?thread_name=4914396D.5010009%40op5.se&forum_name=nagios-devel
http://www.nagios.org/development/history/nagios-3x.php
http://www.op5.com/support/news/389-important-security-fix-available-for-op5-monitor
http://www.openwall.com/lists/oss-security/2008/11/06/2
http://www.securityfocus.com/bid/32156
http://www.securitytracker.com/id?1022165
http://www.ubuntu.com/usn/USN-698-1
http://www.vupen.com/english/advisories/2008/3029
http://www.vupen.com/english/advisories/2008/3364
http://www.vupen.com/english/advisories/2009/1256
https://www.ubuntu.com/usn/USN-698-3/