微慑信息网

CVE-2008-1360-漏洞详情

CVE-2008-1360
CVSS 4.3
发布时间 :2008-03-17 13:44:00
修订时间 :2011-03-07 22:06:58
NMCOPS    

[原文]Cross-site scripting (XSS) vulnerability in Nagios before 2.11 allows remote attackers to inject arbitrary web script or HTML via unknown vectors to unspecified CGI scripts, a different issue than CVE-2007-5624.


[CNNVD]Nagios 未明CGI脚本跨站脚本攻击漏洞(CNNVD-200803-253)

        Nagios中存在跨站脚本攻击漏洞。远程攻击者通过未明向量到达未明CGI脚本,以注入任意web脚本或HTML。


CVSS (基础分值)

CVSS分值: 4.3 [中等(MEDIUM)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: NONE [对系统可用性无影响]
攻击复杂度: MEDIUM [漏洞利用存在一定的访问条件]
攻击向量: NETWORK [攻击者不需要获取内网访问权或本地访问权]
身份认证: NONE [漏洞利用无需身份认证]


CWE (弱点类目)

CWE-79 [在Web页面生成时对输入的转义处理不恰当(跨站脚本)]


CPE (受影响的平台与产品)

cpe:/a:nagios:nagios:2.9
cpe:/a:nagios:nagios:2.3
cpe:/a:nagios:nagios:2.3.1
cpe:/a:nagios:nagios:2.8
cpe:/a:nagios:nagios:2.10
cpe:/a:nagios:nagios:2.7
cpe:/a:nagios:nagios:2.2


OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:7884 DSA-1883 nagios2 — missing input sanitising
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。


官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1360

(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-1360

(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200803-253

(官方数据源) CNNVD


其它链接及资源

http://www.securityfocus.com/bid/28250


(PATCH)  BID  28250
http://www.vupen.com/english/advisories/2008/0900/references


(UNKNOWN)  VUPEN  ADV-2008-0900
http://www.nagios.org/development/changelog.php#2x_branch


(UNKNOWN)  CONFIRM  http://www.nagios.org/development/changelog.php#2x_branch
http://secunia.com/advisories/29363


(VENDOR_ADVISORY)  SECUNIA  29363
http://xforce.iss.net/xforce/xfdb/41210


(UNKNOWN)  XF  nagios-unspecified-xss(41210)
http://www.mandriva.com/security/advisories?name=MDVSA-2008:067


(UNKNOWN)  MANDRIVA  MDVSA-2008:067
http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html


(UNKNOWN)  SUSE  SUSE-SR:2008:011


漏洞信息

Nagios 未明CGI脚本跨站脚本攻击漏洞
中危 跨站脚本
2008-03-17 00:00:00 2008-09-05 00:00:00
远程  
        Nagios中存在跨站脚本攻击漏洞。远程攻击者通过未明向量到达未明CGI脚本,以注入任意web脚本或HTML。


公告与补丁

        目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:


        Nagios Nagios 2.2


        Nagios Nagios 2.11


        http://www.nagios.org/download/


        Debian Linux 4.0 arm


        Debian nagios2-common_2.6-2+etch4_all.deb


        http://security.debian.org/pool/updates/main/n/nagios2/nagios2-common_ 2.6-2+etch4_all.deb


        Debian nagios2-common_2.6-2+etch5_all.deb


        http://security.debian.org/pool/updates/main/n/nagios2/nagios2-common_ 2.6-2+etch5_all.deb


        Debian nagios2-dbg_2.6-2+etch4_arm.deb


        http://security.debian.org/pool/updates/main/n/nagios2/nagios2-dbg_2.6 -2+etch4_arm.deb


        Debian nagios2-dbg_2.6-2+etch5_arm.deb


        http://security.debian.org/pool/updates/main/n/nagios2/nagios2-dbg_2.6 -2+etch5_arm.deb


        Debian nagios2-doc_2.6-2+etch4_all.deb


        http://security.debian.org/pool/updates/main/n/nagios2/nagios2-doc_2.6 -2+etch4_all.deb


        Debian nagios2-doc_2.6-2+etch5_all.deb


        http://security.debian.org/pool/updates/main/n/nagios2/nagios2-doc_2.6 -2+etch5_all.deb


        Debian nagios2_2.6-2+etch4_arm.deb


        http://security.debian.org/pool/updates/main/n/nagios2/nagios2_2.6-2+e tch4_arm.deb


        Debian nagios2_2.6-2+etch5_arm.deb


        http://security.debian.org/pool/updates/main/n/nagios2/nagios2_2.6-2+e tch5_arm.deb


        Debian Linux 4.0 powerpc


        Debian nagios2-common_2.6-2+etch4_all.deb


        http://security.debian.org/pool/updates/main/n/nagios2/nagios2-common_ 2.6-2+etch4_all.deb


        Debian nagios2-common_2.6-2+etch5_all.deb


        http://security.debian.org/pool/updates/main/n/nagios2/nagios2-common_ 2.6-2+etch5_all.deb


        Debian nagios2-dbg_2.6-2+etch4_powerpc.deb


        http://security.debian.org/pool/updates/main/n/nagios2/nagios2-dbg_2.6 -2+etch4_powerpc.deb


        Debian nagios2-dbg_2.6-2+etch5_powerpc.deb


        http://security.debian.org/pool/updates/main/n/nagios2/nagios2-dbg_2.6 -2+etch5_powerpc.deb


        Debian nagios2-doc_2.6-2+etch4_all.deb


        http://security.debian.org/pool/updates/main/n/nagios2/nagios2-doc_2.6 -2+etch4_all.deb


        Debian nagios2-doc_2.6-2+etch5_all.deb


        http://security.debian.org/pool/updates/main/n/nagios2/nagios2-doc_2.6 -2+etch5_all.deb


        Debian nagios2_2.6-2+etch4_powerpc.deb


        http://security.debian.org/pool/updates/main/n/nagios2/nagios2_2.6-2+e tch4_powerpc.deb


        Debian nagios2_2.6-2+etch5_powerpc.deb


        http://security.debian.org/pool/updates/main/n/nagios2/nagios2_2.6-2+e tch5_powerpc.deb


        Debian Linux 4.0 m68k


        Debian nagios2-common_2.6-2+etch4_all.deb


        http://security.debian.org/pool/updates/main/n/nagios2/nagios2-common_ 2.6-2+etch4_all.deb


        Debian nagios2-common_2.6-2+etch5_all.deb


        http://security.debian.org/pool/updates/main/n/nagios2/nagios2-common_ 2.6-2+etch5_all.deb


        Debian nagios2-doc_2.6-2+etch4_all.deb


        http://security.debian.org/pool/updates/main/n/nagios2/nagios2-doc_2.6 -2+etch4_all.deb


        Debian nagios2-doc_2.6-2+etch5_all.deb


        http://security.debian.org/pool/updates/main/n/nagios2/nagios2-doc_2.6 -2+etch5_all.deb


        Nagios Nagios 2.3


        Nagios Nagios 2.11


        http://www.nagios.org/download/


        Debian Linux 4.0 amd64


        Debian nagios2-common_2.6-2+etch4_all.deb


        http://security.debian.org/pool/updates/main/n/nagios2/nagios2-common_ 2.6-2+etch4_all.deb


        Debian nagios2-common_2.6-2+etch5_all.deb


        http://security.debian.org/pool/updates/main/n/nagios2/nagios2-common_ 2.6-2+etch5_all.deb


        Debian nagios2-dbg_2.6-2+etch4_amd64.deb


        http://security.debian.org/pool/updates/main/n/nagios2/nagios2-dbg_2.6 -2+etch4_amd64.deb


        Debian nagios2-dbg_2.6-2+etch5_amd64.deb


        http://security.debian.org/pool/updates/main/n/nagios2/nagios2-dbg_2.6 -2+etch5_amd64.deb


        Debian nagios2-doc_2.6-2+etch4_all.deb


        http://security.debian.org/pool/updates/main/n/nagios2/nagios2-doc_2.6 -2+etch4_all.deb


        Debian nagios2-doc_2.6-2+etch5_all.deb


        http://security.debian.org/pool/updates/main/n/nagios2/nagios2-doc_2.6 -2+etch5_all.deb


        Debian nagios2_2.6-2+etch4_amd64.deb


        http://security.debian.org/pool/updates/main/n/nagios2/nagios2_2.6-2+e tch4_amd64.deb


        Debian nagios2_2.6-2+etch5_amd64.deb


        http://security.debian.org/pool/updates/main/n/nagios2/nagios2_2.6-2+e tch5_amd64.deb


        Debian Linux 4.0 ia-32


        Debian nagios2-common_2.6-2+etch4_all.deb


        http://security.debian.org/pool/update


漏洞信息 (F81283)

Debian Linux Security Advisory 1883-2 (PacketStormID:F81283)

2009-09-15 00:00:00
Debian  debian.org

advisory,cgi

linux,debian

CVE-2007-5624,CVE-2007-5803,CVE-2008-1360

[点击下载]

Debian Security Advisory 1883-2 – The previous nagios2 update introduced a regression, which caused status.cgi to segfault when used directly without specifying the 'host' variable. This update fixes the problem.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1883-2                  [email protected]
http://www.debian.org/security/                      Giuseppe Iuculano
September 14, 2009                    http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : nagios2
Vulnerability  : missing input sanitising
Problem type   : remote
Debian-specific: no
CVE Ids        : CVE-2007-5624 CVE-2007-5803 CVE-2008-1360
Debian Bugs    : 448371 482445 485439

The previous nagios2 update introduced a regression, which caused
status.cgi to segfault when used directly without specifying the 'host'
variable. This update fixes the problem. For reference the original
advisory text follows.

Several vulnerabilities have been found in nagios2, ahost/service/network
monitoring and management system. The Common Vulnerabilities and
Exposures project identifies the following problems:

Several cross-site scripting issues via several parameters were
discovered in the CGI scripts, allowing attackers to inject arbitrary
HTML code. In order to cover the different attack vectors, these issues
have been assigned CVE-2007-5624, CVE-2007-5803 and CVE-2008-1360.

For the oldstable distribution (etch), these problems have been fixed in
version 2.6-2+etch5.

The stable distribution (lenny) does not include nagios2 and nagios3 is
not affected by these problems.

The testing distribution (squeeze) and the unstable distribution (sid)
do not contain nagios2 and nagios3 is not affected by these problems.

We recommend that you upgrade your nagios2 packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- -------------------------------

Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Debian (oldstable)
- ------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

  http://security.debian.org/pool/updates/main/n/nagios2/nagios2_2.6-2+etch5.diff.gz
    Size/MD5 checksum:    35726 1c9d7955bb59162fa82934ef12c53d73
  http://security.debian.org/pool/updates/main/n/nagios2/nagios2_2.6-2+etch5.dsc
    Size/MD5 checksum:      948 93eeeb6eb5ba0d7d3d5c659f9cc762e4
  http://security.debian.org/pool/updates/main/n/nagios2/nagios2_2.6.orig.tar.gz
    Size/MD5 checksum:  1734400 a032edba07bf389b803ce817e9406c02

Architecture independent packages:

  http://security.debian.org/pool/updates/main/n/nagios2/nagios2-common_2.6-2+etch5_all.deb
    Size/MD5 checksum:    59516 8edae60c2b64183afbd5b5c5c79df649
  http://security.debian.org/pool/updates/main/n/nagios2/nagios2-doc_2.6-2+etch5_all.deb
    Size/MD5 checksum:  1150060 c5b23e507b405aed13e6148381a5161f

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/n/nagios2/nagios2_2.6-2+etch5_alpha.deb
    Size/MD5 checksum:  1222220 33fac2a26d60b48a2e3d6cc03ef161f2
  http://security.debian.org/pool/updates/main/n/nagios2/nagios2-dbg_2.6-2+etch5_alpha.deb
    Size/MD5 checksum:  1703082 685386628adefdea4ef139d8d073be57

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/n/nagios2/nagios2-dbg_2.6-2+etch5_amd64.deb
    Size/MD5 checksum:  1688192 fdc3c934dc4e0afa728d9789fc1071aa
  http://security.debian.org/pool/updates/main/n/nagios2/nagios2_2.6-2+etch5_amd64.deb
    Size/MD5 checksum:  1098470 c08807062733811fa047eb15d9727c82

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/n/nagios2/nagios2_2.6-2+etch5_arm.deb
    Size/MD5 checksum:  1025042 a9d7fa95c7eac54287a2e73478ea3ba6
  http://security.debian.org/pool/updates/main/n/nagios2/nagios2-dbg_2.6-2+etch5_arm.deb
    Size/MD5 checksum:  1537944 59b06b0f6ae1061d01a7f1a7b85fb4b4

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/n/nagios2/nagios2-dbg_2.6-2+etch5_hppa.deb
    Size/MD5 checksum:  1621998 07cca557bc05cb0f4845f05c0d2b9311
  http://security.debian.org/pool/updates/main/n/nagios2/nagios2_2.6-2+etch5_hppa.deb
    Size/MD5 checksum:  1148900 d5b10578c95a21ce66ff11cc5a870047

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/n/nagios2/nagios2-dbg_2.6-2+etch5_i386.deb
    Size/MD5 checksum:  1587914 84dcc6957ce50c2b6e7ff243d21b5e8d
  http://security.debian.org/pool/updates/main/n/nagios2/nagios2_2.6-2+etch5_i386.deb
    Size/MD5 checksum:  1017162 d57c40f4621e185fee5fe0bbd814b7d5

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/n/nagios2/nagios2_2.6-2+etch5_ia64.deb
    Size/MD5 checksum:  1623636 7abc0f025330c87d2c7a9b4bf3252d16
  http://security.debian.org/pool/updates/main/n/nagios2/nagios2-dbg_2.6-2+etch5_ia64.deb
    Size/MD5 checksum:  1711368 59bd21369a4a978d1509fe15f7b59349

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/n/nagios2/nagios2-dbg_2.6-2+etch5_mipsel.deb
    Size/MD5 checksum:  1663800 7fae1ba19b03ab963b9a4dfa2055cfc5
  http://security.debian.org/pool/updates/main/n/nagios2/nagios2_2.6-2+etch5_mipsel.deb
    Size/MD5 checksum:  1104990 2536c8ff0b839a7028fc605b2f2faab8

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/n/nagios2/nagios2-dbg_2.6-2+etch5_powerpc.deb
    Size/MD5 checksum:  1667892 06826d82ff58171d82bdee8c3eb32b61
  http://security.debian.org/pool/updates/main/n/nagios2/nagios2_2.6-2+etch5_powerpc.deb
    Size/MD5 checksum:  1088416 0552ad5628f45dd8a0e69d0f126a40b1

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/n/nagios2/nagios2-dbg_2.6-2+etch5_sparc.deb
    Size/MD5 checksum:  1485348 46f02971253b25e3e9622bc95863d022
  http://security.debian.org/pool/updates/main/n/nagios2/nagios2_2.6-2+etch5_sparc.deb
    Size/MD5 checksum:   988288 d289d9b68334c7c5a1486771136cac4c

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [email protected]
Package info: `apt-cache show ' and http://packages.debian.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkquV9MACgkQ62zWxYk/rQeIDACfQYbt5mrdv8WsxrF9XedJoFuk
pRIAnjQKB2pY0CtUeUQBLt+njobuqbJJ
=IyDf
-----END PGP SIGNATURE-----
    


漏洞信息 (F81133)

Debian Linux Security Advisory 1883-1 (PacketStormID:F81133)

2009-09-10 00:00:00
Debian  debian.org

advisory,vulnerability

linux,debian

CVE-2007-5624,CVE-2007-5803,CVE-2008-1360

[点击下载]

Debian Security Advisory 1883-1 – Several vulnerabilities have been found in nagios2, ahost/service/network monitoring and management system.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1883-1                  [email protected]
http://www.debian.org/security/                      Giuseppe Iuculano
September 10, 2009                    http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : nagios2
Vulnerability  : missing input sanitising
Problem type   : remote
Debian-specific: no
CVE Ids        : CVE-2007-5624 CVE-2007-5803 CVE-2008-1360
Debian Bugs    : 448371 482445 485439

Several vulnerabilities have been found in nagios2, ahost/service/network
monitoring and management system. The Common Vulnerabilities and
Exposures project identifies the following problems:

Several cross-site scripting issues via several parameters were
discovered in the CGI scripts, allowing attackers to inject arbitrary
HTML code. In order to cover the different attack vectors, these issues
have been assigned CVE-2007-5624, CVE-2007-5803 and CVE-2008-1360.

For the oldstable distribution (etch), these problems have been fixed in
version 2.6-2+etch4.

The stable distribution (lenny) does not include nagios2 and nagios3 is
not affected by these problems.

The testing distribution (squeeze) and the unstable distribution (sid)
do not contain nagios2 and nagios3 is not affected by these problems.

We recommend that you upgrade your nagios2 packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- -------------------------------

Debian (oldstable)
- ------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

  http://security.debian.org/pool/updates/main/n/nagios2/nagios2_2.6-2+etch4.diff.gz
    Size/MD5 checksum:    35589 5aee898df4f6ea4a0fa4a1fb22390a0b
  http://security.debian.org/pool/updates/main/n/nagios2/nagios2_2.6.orig.tar.gz
    Size/MD5 checksum:  1734400 a032edba07bf389b803ce817e9406c02
  http://security.debian.org/pool/updates/main/n/nagios2/nagios2_2.6-2+etch4.dsc
    Size/MD5 checksum:      948 a4bd33d2bd5c812b5c9899fc41651e37

Architecture independent packages:

  http://security.debian.org/pool/updates/main/n/nagios2/nagios2-doc_2.6-2+etch4_all.deb
    Size/MD5 checksum:  1149816 8b2d0a07cd650edc3e6d33f74b480cb2
  http://security.debian.org/pool/updates/main/n/nagios2/nagios2-common_2.6-2+etch4_all.deb
    Size/MD5 checksum:    59416 f70cd9aa86a0eb1b64a914b40da984cd

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/n/nagios2/nagios2_2.6-2+etch4_alpha.deb
    Size/MD5 checksum:  1222136 4dc7d3e1230632930471fb0e0dcbd496
  http://security.debian.org/pool/updates/main/n/nagios2/nagios2-dbg_2.6-2+etch4_alpha.deb
    Size/MD5 checksum:  1702766 6ff7f9e7bb6cdaa0cea2fb0dfe35ae72

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/n/nagios2/nagios2-dbg_2.6-2+etch4_amd64.deb
    Size/MD5 checksum:  1687984 4c28fa0a9fa9883cdff1e038c56924e0
  http://security.debian.org/pool/updates/main/n/nagios2/nagios2_2.6-2+etch4_amd64.deb
    Size/MD5 checksum:  1097788 31afdb67e26e5f1a56a9da11117a1452

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/n/nagios2/nagios2-dbg_2.6-2+etch4_arm.deb
    Size/MD5 checksum:  1537452 4e4d636a0699cf9f714a522885894a4e
  http://security.debian.org/pool/updates/main/n/nagios2/nagios2_2.6-2+etch4_arm.deb
    Size/MD5 checksum:  1023982 fb3a8f2b2b592bafcf1830172a7d5a8e

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/n/nagios2/nagios2_2.6-2+etch4_hppa.deb
    Size/MD5 checksum:  1148976 c875e0ab58ca0f39bf34b1704cc4a969
  http://security.debian.org/pool/updates/main/n/nagios2/nagios2-dbg_2.6-2+etch4_hppa.deb
    Size/MD5 checksum:  1622072 e002a9c7703542bd8aa8e509238ba29c

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/n/nagios2/nagios2-dbg_2.6-2+etch4_i386.deb
    Size/MD5 checksum:  1587836 778bd65bfb6cfb1f3f0efcb872a32360
  http://security.debian.org/pool/updates/main/n/nagios2/nagios2_2.6-2+etch4_i386.deb
    Size/MD5 checksum:  1016950 720d00ef27782b51c0b7e675c2f82309

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/n/nagios2/nagios2_2.6-2+etch4_ia64.deb
    Size/MD5 checksum:  1623324 1a157461c15e81c93670ad92c3792b69
  http://security.debian.org/pool/updates/main/n/nagios2/nagios2-dbg_2.6-2+etch4_ia64.deb
    Size/MD5 checksum:  1711252 762d02684f9db0f34c92bd7d7b6ebbcf

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/n/nagios2/nagios2_2.6-2+etch4_mips.deb
    Size/MD5 checksum:  1105228 bdc34a55e69e12061ee6ea274f111c78
  http://security.debian.org/pool/updates/main/n/nagios2/nagios2-dbg_2.6-2+etch4_mips.deb
    Size/MD5 checksum:  1710346 4cbc8945fe0fbcaa241a9abe3790205c

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/n/nagios2/nagios2-dbg_2.6-2+etch4_mipsel.deb
    Size/MD5 checksum:  1663580 46330520785afa00addcf8f97dbef312
  http://security.debian.org/pool/updates/main/n/nagios2/nagios2_2.6-2+etch4_mipsel.deb
    Size/MD5 checksum:  1104930 b5a2ee4c401e8e498ae0d4e087e2be8e

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/n/nagios2/nagios2_2.6-2+etch4_powerpc.deb
    Size/MD5 checksum:  1088364 ffa92a52851e793f11a63b4e56767e9e
  http://security.debian.org/pool/updates/main/n/nagios2/nagios2-dbg_2.6-2+etch4_powerpc.deb
    Size/MD5 checksum:  1667356 9418e0cf94e1499f46728c5376402b90

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/n/nagios2/nagios2_2.6-2+etch4_sparc.deb
    Size/MD5 checksum:   988232 9aec288a67ae036df5da714ea72ee19f
  http://security.debian.org/pool/updates/main/n/nagios2/nagios2-dbg_2.6-2+etch4_sparc.deb
    Size/MD5 checksum:  1484954 8b8e2ee9598191fd5f30132e8d87ebe1

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [email protected]
Package info: `apt-cache show ' and http://packages.debian.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkqoeWMACgkQ62zWxYk/rQcqJgCePF6cf7Q3yXmYxxtO1KUNrA5x
nGIAoLAKEdl7kuR7HIa42dIm2QqBiV3X
=5FKp
-----END PGP SIGNATURE-----
    


漏洞信息 (F64698)

Mandriva Linux Security Advisory 2008-067 (PacketStormID:F64698)

2008-03-19 00:00:00
Mandriva  mandriva.com

advisory,overflow,vulnerability,xss

linux,mandriva

CVE-2007-5198,CVE-2007-5623,CVE-2007-5624,CVE-2008-1360

[点击下载]

Mandriva Linux Security Advisory – A number of vulnerabilities were found in Nagios and Nagios Plugins that are corrected with the latest version of both, as provided in this update. These vulnerabilities are buffer overflows and cross site scripting flaws.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2008:067
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : nagios
 Date    : March 18, 2008
 Affected: Corporate 4.0
 _______________________________________________________________________

 Problem Description:

 A number of vulnerabities were found in Nagios and Nagios Plugins
 that are corrected with the latest version of both, as provided in
 this update, including:

 A buffer overflow in the redir function in the check_http plugin
 allowed remote web servers to execute arbitrary code via long Location
 header responses (CVE-2007-5198).

 A buffer overflow in the check_snmp plugin allowed remote attackers to
 cause a denial of service via crafted snmpget replies (CVE-2007-5623).

 Cross-site scripting vulnerabilities in Nagios allowed remote
 attackers to inject arbitrary web script or HTML via unknown vectors
 to unspecified CGI scripts (CVE-2007-5624, CVE-2008-1360).

 The updated packages provide Nagios 3.0 and Nagios Plugins 1.4.11
 which are not vulnerable to these issues, and provide a number of
 other enhancements and bug fixes.  In addition, the packaging has been
 optimized to reduce the number of extra dependencies that would have
 to be installed; as a result you may have to install extra plugins
 independantly that were once part of the full nagios-plugins package.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5198
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5623
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5624
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1360
 _______________________________________________________________________

 Updated Packages:

 Corporate 4.0:
 fa2f99cbe9ab329c472055ea718b9708  corporate/4.0/i586/nagios-3.0-0.1.20060mlcs4.i586.rpm
 9137c64cb84f8df0532da8dd8d08f237  corporate/4.0/i586/nagios-check_adptraid-1.4.11-10.1.20060mlcs4.i586.rpm
 40696d0e99f3a25e5375df0a1a82af2f  corporate/4.0/i586/nagios-check_apache-1.4.11-10.1.20060mlcs4.i586.rpm
 94f37c18369bcaac78a3c7fc178866c4  corporate/4.0/i586/nagios-check_apc_ups-1.4.11-10.1.20060mlcs4.i586.rpm
 9272b5085f369acace873b278241b705  corporate/4.0/i586/nagios-check_appletalk-1.4.11-10.1.20060mlcs4.i586.rpm
 caab09182bad2a03b7b63d327875051d  corporate/4.0/i586/nagios-check_apt-1.4.11-10.1.20060mlcs4.i586.rpm
 d7496d03f60d707220ae7daa8edd23e3  corporate/4.0/i586/nagios-check_arping-1.4.11-10.1.20060mlcs4.i586.rpm
 6f5270712f2b4bf4f3f1e405bf18f3f7  corporate/4.0/i586/nagios-check_asterisk-1.4.11-10.1.20060mlcs4.i586.rpm
 06153cee3637acf594333101247b1838  corporate/4.0/i586/nagios-check_axis-1.4.11-10.1.20060mlcs4.i586.rpm
 b8dff524d5adb1396ef4ca982ea0ac60  corporate/4.0/i586/nagios-check_backup-1.4.11-10.1.20060mlcs4.i586.rpm
 839b84c519f31b606f1748fc4a5e3bfe  corporate/4.0/i586/nagios-check_bgp-1.4.11-10.1.20060mlcs4.i586.rpm
 ab9e2c29bab81694c91fe447ddf42e9b  corporate/4.0/i586/nagios-check_bgpstate-1.4.11-10.1.20060mlcs4.i586.rpm
 3243bdd01fa1b4aa0127a524bda45ca1  corporate/4.0/i586/nagios-check_breeze-1.4.11-10.1.20060mlcs4.i586.rpm
 e98aa912280e4f2013f6a5ce51f7af02  corporate/4.0/i586/nagios-check_by_ssh-1.4.11-10.1.20060mlcs4.i586.rpm
 0a6e431d7e63dd740f9113a9bad09b41  corporate/4.0/i586/nagios-check_ciscotemp-1.4.11-10.1.20060mlcs4.i586.rpm
 e070cbb5ca1789b4c9ec696bf09ecfe2  corporate/4.0/i586/nagios-check_cluster-1.4.11-10.1.20060mlcs4.i586.rpm
 f27326d7d7dbd25de342b022e2428f15  corporate/4.0/i586/nagios-check_cluster2-1.4.11-10.1.20060mlcs4.i586.rpm
 d1ebb9baf183f0b00ea1c2bf51b7cf06  corporate/4.0/i586/nagios-check_compaq_insight-1.4.11-10.1.20060mlcs4.i586.rpm
 a582beecbc5948aa35f7b2e2f6621e64  corporate/4.0/i586/nagios-check_dhcp-1.4.11-10.1.20060mlcs4.i586.rpm
 148f333b7263b97f3a509341dc5b18c7  corporate/4.0/i586/nagios-check_dig-1.4.11-10.1.20060mlcs4.i586.rpm
 52b21f87ffdf2acb1b16cdd511eaf7fc  corporate/4.0/i586/nagios-check_digitemp-1.4.11-10.1.20060mlcs4.i586.rpm
 ea1caaf637df0dd80abef782722bcaba  corporate/4.0/i586/nagios-check_disk-1.4.11-10.1.20060mlcs4.i586.rpm
 7b5c4132d9afc8da3f834e054d4d6737  corporate/4.0/i586/nagios-check_disk_smb-1.4.11-10.1.20060mlcs4.i586.rpm
 95aac2ae02c3e08e92cfe659f321163f  corporate/4.0/i586/nagios-check_dlswcircuit-1.4.11-10.1.20060mlcs4.i586.rpm
 2043e9206280da5a59cdd92f9f99fae8  corporate/4.0/i586/nagios-check_dns-1.4.11-10.1.20060mlcs4.i586.rpm
 08514a1fa6500a1a8187dfba1b5b8cb2  corporate/4.0/i586/nagios-check_dns_random-1.4.11-10.1.20060mlcs4.i586.rpm
 0014ba729acbd9b2b07a40782750a0a3  corporate/4.0/i586/nagios-check_dummy-1.4.11-10.1.20060mlcs4.i586.rpm
 ad50945ebeb1639e8243a0962b0e7315  corporate/4.0/i586/nagios-check_email_loop-1.4.11-10.1.20060mlcs4.i586.rpm
 468f5fccd1ba63d2855bd21b7c6c2646  corporate/4.0/i586/nagios-check_file_age-1.4.11-10.1.20060mlcs4.i586.rpm
 1108e8b94ce1942ad98851975eac290c  corporate/4.0/i586/nagios-check_flexlm-1.4.11-10.1.20060mlcs4.i586.rpm
 1cc50ad1efd04c86cbbc3123aacc222c  corporate/4.0/i586/nagios-check_fping-1.4.11-10.1.20060mlcs4.i586.rpm
 8d5f8505a6d920e34489ca51d839446b  corporate/4.0/i586/nagios-check_frontpage-1.4.11-10.1.20060mlcs4.i586.rpm
 3647a3487c16c6386f65ee814ed9faf8  corporate/4.0/i586/nagios-check_game-1.4.11-10.1.20060mlcs4.i586.rpm
 7e36642b1f3692073084c64756f81465  corporate/4.0/i586/nagios-check_hpjd-1.4.11-10.1.20060mlcs4.i586.rpm
 3c6e5102bf14c2c7f1d25ca3adbfdf92  corporate/4.0/i586/nagios-check_hprsc-1.4.11-10.1.20060mlcs4.i586.rpm
 0314112c08fa44e0570194584a8dfb01  corporate/4.0/i586/nagios-check_http-1.4.11-10.1.20060mlcs4.i586.rpm
 288fe3827eeef31384e8715768b5a2cd  corporate/4.0/i586/nagios-check_hw-1.4.11-10.1.20060mlcs4.i586.rpm
 65f966fd2007013616bae7759c9479c8  corporate/4.0/i586/nagios-check_ica_master_browser-1.4.11-10.1.20060mlcs4.i586.rpm
 a2352a83441a5581c0c76d3e925e4582  corporate/4.0/i586/nagios-check_ica_metaframe_pub_apps-1.4.11-10.1.20060mlcs4.i586.rpm
 25d0f90c133a4507594f14118873aa5b  corporate/4.0/i586/nagios-check_ica_program_neigbourhood-1.4.11-10.1.20060mlcs4.i586.rpm
 81f883c0dd5e3b7bd4589604b5091fec  corporate/4.0/i586/nagios-check_icmp-1.4.11-10.1.20060mlcs4.i586.rpm
 c1246c157c303cd51d6fcee1b64ee55d  corporate/4.0/i586/nagios-check_ide_smart-1.4.11-10.1.20060mlcs4.i586.rpm
 396b4bd95faf68e6e7d1b9a32d0d47d6  corporate/4.0/i586/nagios-check_ifoperstatus-1.4.11-10.1.20060mlcs4.i586.rpm
 328475cb20f910814e6034d39e284d8e  corporate/4.0/i586/nagios-check_ifstatus-1.4.11-10.1.20060mlcs4.i586.rpm
 47327fba9735e04b083ba606dd6d3623  corporate/4.0/i586/nagios-check_inodes-1.4.11-10.1.20060mlcs4.i586.rpm
 df39cc8ee2b2b9e753609aa631e60ac3  corporate/4.0/i586/nagios-check_ipxping-1.4.11-10.1.20060mlcs4.i586.rpm
 fdaa3f1cd9a5b7881ae4b27de62cd00f  corporate/4.0/i586/nagios-check_ircd-1.4.11-10.1.20060mlcs4.i586.rpm
 5a14eaf50d5158bdf2814dbf1d5db3f3  corporate/4.0/i586/nagios-check_javaproc-1.4.11-10.1.20060mlcs4.i586.rpm
 b64a1857ad09f3db3c04c40dbc111271  corporate/4.0/i586/nagios-check_ldap-1.4.11-10.1.20060mlcs4.i586.rpm
 e5087b2f549a985caabcfd72c52b6734  corporate/4.0/i586/nagios-check_linux_raid-1.4.11-10.1.20060mlcs4.i586.rpm
 36f7c2343404d5e27a0de0fbc1906ed5  corporate/4.0/i586/nagios-check_load-1.4.11-10.1.20060mlcs4.i586.rpm
 13b20d560558c8b0f787908be69be09d  corporate/4.0/i586/nagios-check_log-1.4.11-10.1.20060mlcs4.i586.rpm
 65e8d42b07a9c653f5a38409e92a2faa  corporate/4.0/i586/nagios-check_log2-1.4.11-10.1.20060mlcs4.i586.rpm
 76a1e2fe1d1f06d785c47cc5321f83b5  corporate/4.0/i586/nagios-check_lotus-1.4.11-10.1.20060mlcs4.i586.rpm
 1019a2129ff5162fba4d9ce0bf1cecc0  corporate/4.0/i586/nagios-check_mailq-1.4.11-10.1.20060mlcs4.i586.rpm
 0135125d86bd660afd90a3030a504a1a  corporate/4.0/i586/nagios-check_maxchannels-1.4.11-10.1.20060mlcs4.i586.rpm
 719591bf16929018ffc7fdee3b738aff  corporate/4.0/i586/nagios-check_maxwanstate-1.4.11-10.1.20060mlcs4.i586.rpm
 ec144663bc3c77b064d302e6e1230491  corporate/4.0/i586/nagios-check_mem-1.4.11-10.1.20060mlcs4.i586.rpm
 fe901384571ee93d31115d6c4f0c57ed  corporate/4.0/i586/nagios-check_mrtg-1.4.11-10.1.20060mlcs4.i586.rpm
 4e15deb1c05948ebfbb04f6712c82ea1  corporate/4.0/i586/nagios-check_mrtgext-1.4.11-10.1.20060mlcs4.i586.rpm
 df86c0cba3482e22acf9dcb92b2db6a9  corporate/4.0/i586/nagios-check_mrtgtraf-1.4.11-10.1.20060mlcs4.i586.rpm
 9fb54a3cc9050023886b21bc0cb14827  corporate/4.0/i586/nagios-check_ms_spooler-1.4.11-10.1.20060mlcs4.i586.rpm
 039b096359b2b9d620d6b87fc169b247  corporate/4.0/i586/nagios-check_mssql-1.4.11-10.1.20060mlcs4.i586.rpm
 e6fbbf781dcc74868a4ca495b5863c98  corporate/4.0/i586/nagios-check_mysql-1.4.11-10.1.20060mlcs4.i586.rpm
 d82a459ba6ef14cf07c94773ff5edcdf  corporate/4.0/i586/nagios-check_mysql_perf-1.4.11-10.1.20060mlcs4.i586.rpm
 2786c6166a0880943309672e872068a9  corporate/4.0/i586/nagios-check_mysql_query-1.4.11-10.1.20060mlcs4.i586.rpm
 8d42ea598eb3a1d2f855f6fe0decaaee  corporate/4.0/i586/nagios-check_nagios-1.4.11-10.1.20060mlcs4.i586.rpm
 2baeead542d192047d2c2d079f46963f  corporate/4.0/i586/nagios-check_netapp-1.4.11-10.1.20060mlcs4.i586.rpm
 8c2ed65ccef87befde1fbc8283018e97  corporate/4.0/i586/nagios-check_nmap-1.4.11-10.1.20060mlcs4.i586.rpm
 d261f35397b77df25cb7819c4185e122  corporate/4.0/i586/nagios-check_nt-1.4.11-10.1.20060mlcs4.i586.rpm
 7cbd34cca2bc7d33dc8d2a178d8690d0  corporate/4.0/i586/nagios-check_ntp-1.4.11-10.1.20060mlcs4.i586.rpm
 bf71db917f9d7f90f790f412cc313e7c  corporate/4.0/i586/nagios-check_ntp_peer-1.4.11-10.1.20060mlcs4.i586.rpm
 a2fbdf6838ba4e703a3ca2734aff4e14  corporate/4.0/i586/nagios-check_ntp_time-1.4.11-10.1.20060mlcs4.i586.rpm
 1a3d30fc686b7fa9e7ab03cc75a98fbd  corporate/4.0/i586/nagios-check_nwstat-1.4.11-10.1.20060mlcs4.i586.rpm
 16e9b0b095b22cf9bdcd350988067f8a  corporate/4.0/i586/nagios-check_oracle-1.4.11-10.1.20060mlcs4.i586.rpm
 a834191552f4ad7bcab819b1a45f35df  corporate/4.0/i586/nagios-check_overcr-1.4.11-10.1.20060mlcs4.i586.rpm
 10154252020d3b99bcd771672d6dcb39  corporate/4.0/i586/nagios-check_pcpmetric-1.4.11-10.1.20060mlcs4.i586.rpm
 217714665e594b333d7f91cd1e52aab2  corporate/4.0/i586/nagios-check_pfstate-1.4.11-10.1.20060mlcs4.i586.rpm
 596836d7463069319a5b9536f44ded8d  corporate/4.0/i586/nagios-check_pgsql-1.4.11-10.1.20060mlcs4.i586.rpm
 5f13c22a7d858bec0c5b38ab70bc234f  corporate/4.0/i586/nagios-check_ping-1.4.11-10.1.20060mlcs4.i586.rpm
 f60ce91633a9ed991093b435ea7c5227  corporate/4.0/i586/nagios-check_procs-1.4.11-10.1.20060mlcs4.i586.rpm
 36b6c5dde1d3968b84e9ded294bfc8c3  corporate/4.0/i586/nagios-check_qmailq-1.4.11-10.1.20060mlcs4.i586.rpm
 c221f361cefbe3bce6ed8f2859ee25f0  corporate/4.0/i586/nagios-check_radius-1.4.11-10.1.20060mlcs4.i586.rpm
 ea0c93be1f269279e07c3af95549942c  corporate/4.0/i586/nagios-check_rbl-1.4.11-10.1.20060mlcs4.i586.rpm
 ab1c2fe384f8f605c85162f81ce12e68  corporate/4.0/i586/nagios-check_real-1.4.11-10.1.20060mlcs4.i586.rpm
 48b92d28f69a58477b5d188ea8e5b9ec  corporate/4.0/i586/nagios-check_remote_nagios_status-1.4.11-10.1.20060mlcs4.i586.rpm
 c1ab8fffa87f15990f426220cdced0db  corporate/4.0/i586/nagios-check_rpc-1.4.11-10.1.20060mlcs4.i586.rpm
 d1b6271381b8c2c1adc25c0f7602f187  corporate/4.0/i586/nagios-check_sendim-1.4.11-10.1.20060mlcs4.i586.rpm
 19a2bc70adb3aa329774469061d67c07  corporate/4.0/i586/nagios-check_sensors-1.4.11-10.1.20060mlcs4.i586.rpm
 8802bc8011930fd9738965a8ca273d85  corporate/4.0/i586/nagios-check_smart-1.4.11-10.1.20060mlcs4.i586.rpm
 52a640a50879a15640f797c10c150bc5  corporate/4.0/i586/nagios-check_smb-1.4.11-10.1.20060mlcs4.i586.rpm
 4a4f961a1052e3f042ba93f6ad38142b  corporate/4.0/i586/nagios-check_smtp-1.4.11-10.1.20060mlcs4.i586.rpm
 370cd387f643322b2d6ad08890f7cbc3  corporate/4.0/i586/nagios-check_snmp-1.4.11-10.1.20060mlcs4.i586.rpm
 fd79c8545c6be166eb1462c60be57f76  corporate/4.0/i586/nagios-check_snmp_disk_monitor-1.4.11-10.1.20060mlcs4.i586.rpm
 80e881f9cc2bba28f7555838933a3908  corporate/4.0/i586/nagios-check_snmp_printer-1.4.11-10.1.20060mlcs4.i586.rpm
 cccc83668cd0bf7fb31c013ccda99bab  corporate/4.0/i586/nagios-check_snmp_process_monitor-1.4.11-10.1.20060mlcs4.i586.rpm
 c4047f4013c20761934cfe25ff4d6d2d  corporate/4.0/i586/nagios-check_snmp_procs-1.4.11-10.1.20060mlcs4.i586.rpm
 180c8920941bf64c0df57a929e0bb6ce  corporate/4.0/i586/nagios-check_sockets-1.4.11-10.1.20060mlcs4.i586.rpm
 3688d186256153b4cce4cb02d70b2f05  corporate/4.0/i586/nagios-check_ssh-1.4.11-10.1.20060mlcs4.i586.rpm
 aa1371c3dcb6bbae24558e3f552f9a35  corporate/4.0/i586/nagios-check_swap-1.4.11-10.1.20060mlcs4.i586.rpm
 fb9d6b3b129af89a0db7cc2e0f01802d  corporate/4.0/i586/nagios-check_tcp-1.4.11-10.1.20060mlcs4.i586.rpm
 d9b6944742b6763f5284d5d2268fa97a  corporate/4.0/i586/nagios-check_time-1.4.11-10.1.20060mlcs4.i586.rpm
 6c899b913513ed99d06d45eda1db932e  corporate/4.0/i586/nagios-check_timeout-1.4.11-10.1.20060mlcs4.i586.rpm
 fec4dc92e2264222a4bbcb3f9dd0de20  corporate/4.0/i586/nagios-check_traceroute-1.4.11-10.1.20060mlcs4.i586.rpm
 01bf05af51db73b3635dbe9a9d2416df  corporate/4.0/i586/nagios-check_ups-1.4.11-10.1.20060mlcs4.i586.rpm
 1c7c7821c6e7e8bd8fcf9bdca492074d  corporate/4.0/i586/nagios-check_uptime-1.4.11-10.1.20060mlcs4.i586.rpm
 3687302db28967b37e467e8d96ff42c8  corporate/4.0/i586/nagios-check_users-1.4.11-10.1.20060mlcs4.i586.rpm
 d3f4c26bea03a6035b7c4c216d4a118c  corporate/4.0/i586/nagios-check_wave-1.4.11-10.1.20060mlcs4.i586.rpm
 efdb58e5a1152bc8c1708ce57e1e9690  corporate/4.0/i586/nagios-check_wins-1.4.11-10.1.20060mlcs4.i586.rpm
 64e29e89ad564658a3fef92012a9564a  corporate/4.0/i586/nagios-conf-3.0-0.1.20060mlcs4.noarch.rpm
 34a3cacfb978e828d4a657ba16874e2f  corporate/4.0/i586/nagios-devel-3.0-0.1.20060mlcs4.i586.rpm
 95662b94541218aba923074324e0bf63  corporate/4.0/i586/nagios-imagepaks-1.0-1.1.20060mlcs4.noarch.rpm
 148574909a2967a58b4e63e81009df19  corporate/4.0/i586/nagios-plugins-1.4.11-10.1.20060mlcs4.i586.rpm
 5e07982d68e44515adbe94be1686a729  corporate/4.0/i586/nagios-theme-default-3.0-0.1.20060mlcs4.i586.rpm
 98f6dd53eacf2e39130e20feaed767a7  corporate/4.0/i586/nagios-theme-nuvola-1.0.3-1.1.20060mlcs4.noarch.rpm
 244f6a200ccdf49abbd85e8b8251d215  corporate/4.0/i586/nagios-www-3.0-0.1.20060mlcs4.i586.rpm 
 75e87000528206145615c11d18a2ccdf  corporate/4.0/SRPMS/nagios-3.0-0.1.20060mlcs4.src.rpm
 5809bbf04a024063be1a3161ce9faf19  corporate/4.0/SRPMS/nagios-conf-3.0-0.1.20060mlcs4.src.rpm
 a6df9bb70a8ca552518485a3a1de16e5  corporate/4.0/SRPMS/nagios-imagepaks-1.0-1.1.20060mlcs4.src.rpm
 62ad09b53ac1415a6ef99c4e536f38ee  corporate/4.0/SRPMS/nagios-plugins-1.4.11-10.1.20060mlcs4.src.rpm
 9d28f7745b785eff0b85653ef2cf0bdc  corporate/4.0/SRPMS/nagios-theme-nuvola-1.0.3-1.1.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 dde16d02a52e1a7ecc30dcaea4d64e83  corporate/4.0/x86_64/nagios-3.0-0.1.20060mlcs4.x86_64.rpm
 a62dcd37fab45b2ec3dd1d7171bf7f65  corporate/4.0/x86_64/nagios-check_adptraid-1.4.11-10.1.20060mlcs4.x86_64.rpm
 75a15d58c80804912e6d08ee9eac9a88  corporate/4.0/x86_64/nagios-check_apache-1.4.11-10.1.20060mlcs4.x86_64.rpm
 60b8c1afe012895411be822f8ba67a46  corporate/4.0/x86_64/nagios-check_apc_ups-1.4.11-10.1.20060mlcs4.x86_64.rpm
 9cfd2d7f84fd7273a8bb5274cc801011  corporate/4.0/x86_64/nagios-check_appletalk-1.4.11-10.1.20060mlcs4.x86_64.rpm
 9ab71054138a54484a6edef7da55cfc4  corporate/4.0/x86_64/nagios-check_apt-1.4.11-10.1.20060mlcs4.x86_64.rpm
 839ba3b2442ccc0d5ea6711acfe1f5bd  corporate/4.0/x86_64/nagios-check_arping-1.4.11-10.1.20060mlcs4.x86_64.rpm
 d0bc083bf31b09ac027b570b977fbefe  corporate/4.0/x86_64/nagios-check_asterisk-1.4.11-10.1.20060mlcs4.x86_64.rpm
 69b3ad6d66a16256e20c07794dcae5be  corporate/4.0/x86_64/nagios-check_axis-1.4.11-10.1.20060mlcs4.x86_64.rpm
 c05877b5a459e317a0936ad03d0ce476  corporate/4.0/x86_64/nagios-check_backup-1.4.11-10.1.20060mlcs4.x86_64.rpm
 ba11cf74b970dbd1a085d577b09973bf  corporate/4.0/x86_64/nagios-check_bgp-1.4.11-10.1.20060mlcs4.x86_64.rpm
 7c54298b30dac287b137ead8078738c6  corporate/4.0/x86_64/nagios-check_bgpstate-1.4.11-10.1.20060mlcs4.x86_64.rpm
 214dc03dfe89c6e996416466c747bcb4  corporate/4.0/x86_64/nagios-check_breeze-1.4.11-10.1.20060mlcs4.x86_64.rpm
 b18eee3c2c9cd1eb7307f6bddac418f5  corporate/4.0/x86_64/nagios-check_by_ssh-1.4.11-10.1.20060mlcs4.x86_64.rpm
 4ca8fa87199211f20255a9eebebf0fbf  corporate/4.0/x86_64/nagios-check_ciscotemp-1.4.11-10.1.20060mlcs4.x86_64.rpm
 dcd82bd1e4859de23cc74cc7cb870a23  corporate/4.0/x86_64/nagios-check_cluster-1.4.11-10.1.20060mlcs4.x86_64.rpm
 3845473781a30162130a7661fc2150b2  corporate/4.0/x86_64/nagios-check_cluster2-1.4.11-10.1.20060mlcs4.x86_64.rpm
 946ee2bccbeb2da14f61fea71f845155  corporate/4.0/x86_64/nagios-check_compaq_insight-1.4.11-10.1.20060mlcs4.x86_64.rpm
 069fab8ceaf423cd92b68e9e6d1f3c2f  corporate/4.0/x86_64/nagios-check_dhcp-1.4.11-10.1.20060mlcs4.x86_64.rpm
 08360c6e2f8033559972e502c7ba8e07  corporate/4.0/x86_64/nagios-check_dig-1.4.11-10.1.20060mlcs4.x86_64.rpm
 0c4cbfbaba6862e1140ac93a79bd4b60  corporate/4.0/x86_64/nagios-check_digitemp-1.4.11-10.1.20060mlcs4.x86_64.rpm
 b56eedf7dde0e8eff40e41c1624c7b45  corporate/4.0/x86_64/nagios-check_disk-1.4.11-10.1.20060mlcs4.x86_64.rpm
 9c5a3f64875d80c64551e06e537a7744  corporate/4.0/x86_64/nagios-check_disk_smb-1.4.11-10.1.20060mlcs4.x86_64.rpm
 a1c0ae309373b5e773fd9da29e7d36e3  corporate/4.0/x86_64/nagios-check_dlswcircuit-1.4.11-10.1.20060mlcs4.x86_64.rpm
 e6fb1df4776cd510c39836353383bfd6  corporate/4.0/x86_64/nagios-check_dns-1.4.11-10.1.20060mlcs4.x86_64.rpm
 48a1f27d4aba783de2a8718e492fd208  corporate/4.0/x86_64/nagios-check_dns_random-1.4.11-10.1.20060mlcs4.x86_64.rpm
 dde459de850e345f6db820c81a391c2c  corporate/4.0/x86_64/nagios-check_dummy-1.4.11-10.1.20060mlcs4.x86_64.rpm
 0247effde1d8e9fbd17e10ad47021c42  corporate/4.0/x86_64/nagios-check_email_loop-1.4.11-10.1.20060mlcs4.x86_64.rpm
 7cc440201ea025b2d96c68acd52834ec  corporate/4.0/x86_64/nagios-check_file_age-1.4.11-10.1.20060mlcs4.x86_64.rpm
 1dd59e8b8ac2605fe4311c1c914f3ff5  corporate/4.0/x86_64/nagios-check_flexlm-1.4.11-10.1.20060mlcs4.x86_64.rpm
 2095ae0d9fef2f185f924a52401f536f  corporate/4.0/x86_64/nagios-check_fping-1.4.11-10.1.20060mlcs4.x86_64.rpm
 6992d3bf8322ba7fde68e0c24f3618fa  corporate/4.0/x86_64/nagios-check_frontpage-1.4.11-10.1.20060mlcs4.x86_64.rpm
 6e59f5b3ed9363026956121332dc7367  corporate/4.0/x86_64/nagios-check_game-1.4.11-10.1.20060mlcs4.x86_64.rpm
 0bc3ff1c880564dac752de4e89f977d1  corporate/4.0/x86_64/nagios-check_hpjd-1.4.11-10.1.20060mlcs4.x86_64.rpm
 2dba9407b737ac1833f12c37e109cea8  corporate/4.0/x86_64/nagios-check_hprsc-1.4.11-10.1.20060mlcs4.x86_64.rpm
 97b601f9abf3e666f8ae7af07e426ac4  corporate/4.0/x86_64/nagios-check_http-1.4.11-10.1.20060mlcs4.x86_64.rpm
 5eb6347ecdce0aa85e4eeb0db2d4c9bd  corporate/4.0/x86_64/nagios-check_hw-1.4.11-10.1.20060mlcs4.x86_64.rpm
 337a7d4397884a83aa24b8f77bea96d7  corporate/4.0/x86_64/nagios-check_ica_master_browser-1.4.11-10.1.20060mlcs4.x86_64.rpm
 ba1df52fc1ce4cf7adcf358060c7753e  corporate/4.0/x86_64/nagios-check_ica_metaframe_pub_apps-1.4.11-10.1.20060mlcs4.x86_64.rpm
 8506f0e37924792a889534e11caff1a4  corporate/4.0/x86_64/nagios-check_ica_program_neigbourhood-1.4.11-10.1.20060mlcs4.x86_64.rpm
 5b1e035e2c999f6b2cae51d6fbfb12dd  corporate/4.0/x86_64/nagios-check_icmp-1.4.11-10.1.20060mlcs4.x86_64.rpm
 6ff0b8131d62ad7af6b6ac1464c55bb1  corporate/4.0/x86_64/nagios-check_ide_smart-1.4.11-10.1.20060mlcs4.x86_64.rpm
 aa97f79a1c45fd3962e94c4ddf2e65df  corporate/4.0/x86_64/nagios-check_ifoperstatus-1.4.11-10.1.20060mlcs4.x86_64.rpm
 37a6868c78971e5dc4b9cbd5f39542c4  corporate/4.0/x86_64/nagios-check_ifstatus-1.4.11-10.1.20060mlcs4.x86_64.rpm
 5dc32bd0ae8361628682b500c5ca9083  corporate/4.0/x86_64/nagios-check_inodes-1.4.11-10.1.20060mlcs4.x86_64.rpm
 bedc3db8267484421c785b9d7baaa7ff  corporate/4.0/x86_64/nagios-check_ipxping-1.4.11-10.1.20060mlcs4.x86_64.rpm
 e9315f642ebe2ad718ba04e72f681708  corporate/4.0/x86_64/nagios-check_ircd-1.4.11-10.1.20060mlcs4.x86_64.rpm
 81ec56557143236e005fafcecd6aca61  corporate/4.0/x86_64/nagios-check_javaproc-1.4.11-10.1.20060mlcs4.x86_64.rpm
 8f20a0e5de072e665898923f29a8bbbb  corporate/4.0/x86_64/nagios-check_ldap-1.4.11-10.1.20060mlcs4.x86_64.rpm
 e62c86abf46d658215698c9a0465590c  corporate/4.0/x86_64/nagios-check_linux_raid-1.4.11-10.1.20060mlcs4.x86_64.rpm
 8de7a55f790cb7ed84fcb454b1262768  corporate/4.0/x86_64/nagios-check_load-1.4.11-10.1.20060mlcs4.x86_64.rpm
 9eab9aa8950b65f343706cc04d631062  corporate/4.0/x86_64/nagios-check_log-1.4.11-10.1.20060mlcs4.x86_64.rpm
 b4530f43ee21a88570c5e1721c45da65  corporate/4.0/x86_64/nagios-check_log2-1.4.11-10.1.20060mlcs4.x86_64.rpm
 97fb0eb2aba70fb80b77a1a8b45434cd  corporate/4.0/x86_64/nagios-check_lotus-1.4.11-10.1.20060mlcs4.x86_64.rpm
 46f093c64c1bb2d6c07eea1b9a22f802  corporate/4.0/x86_64/nagios-check_mailq-1.4.11-10.1.20060mlcs4.x86_64.rpm
 4c8b2327261b28ed8de55ca1f1c076ea  corporate/4.0/x86_64/nagios-check_maxchannels-1.4.11-10.1.20060mlcs4.x86_64.rpm
 23acd4092e89f67353dc5cf218f2d177  corporate/4.0/x86_64/nagios-check_maxwanstate-1.4.11-10.1.20060mlcs4.x86_64.rpm
 c7620c2bf861c07a95b3969ce9b4351b  corporate/4.0/x86_64/nagios-check_mem-1.4.11-10.1.20060mlcs4.x86_64.rpm
 fd52e285a4fd8c50d0ee19c38d3e5e70  corporate/4.0/x86_64/nagios-check_mrtg-1.4.11-10.1.20060mlcs4.x86_64.rpm
 38c8892b751e20edead883a04c65036a  corporate/4.0/x86_64/nagios-check_mrtgext-1.4.11-10.1.20060mlcs4.x86_64.rpm
 615bd223a01d27f830bd640339c156db  corporate/4.0/x86_64/nagios-check_mrtgtraf-1.4.11-10.1.20060mlcs4.x86_64.rpm
 30ed36cd1cbdc91b3357b680c3f1b7ce  corporate/4.0/x86_64/nagios-check_ms_spooler-1.4.11-10.1.20060mlcs4.x86_64.rpm
 932e032b62707ac8ffa7fb41663667ac  corporate/4.0/x86_64/nagios-check_mssql-1.4.11-10.1.20060mlcs4.x86_64.rpm
 9d76893fb9ced1dfb2e327cac9d076fb  corporate/4.0/x86_64/nagios-check_mysql-1.4.11-10.1.20060mlcs4.x86_64.rpm
 890c9b354f30316016de889aa1eed21c  corporate/4.0/x86_64/nagios-check_mysql_perf-1.4.11-10.1.20060mlcs4.x86_64.rpm
 f20ddabf77a2557ef6c2fee923d29bd9  corporate/4.0/x86_64/nagios-check_mysql_query-1.4.11-10.1.20060mlcs4.x86_64.rpm
 ade3aceb599d1a9d216576c90770dfb2  corporate/4.0/x86_64/nagios-check_nagios-1.4.11-10.1.20060mlcs4.x86_64.rpm
 69e562f6c5493221a10120fef581a894  corporate/4.0/x86_64/nagios-check_netapp-1.4.11-10.1.20060mlcs4.x86_64.rpm
 3e2e6701d189f16ca273a9b175d3908e  corporate/4.0/x86_64/nagios-check_nmap-1.4.11-10.1.20060mlcs4.x86_64.rpm
 c3e5e3845f68bacf7ed0c40d2935587d  corporate/4.0/x86_64/nagios-check_nt-1.4.11-10.1.20060mlcs4.x86_64.rpm
 fa10418b82481e39b4a64ca8a87a0c1b  corporate/4.0/x86_64/nagios-check_ntp-1.4.11-10.1.20060mlcs4.x86_64.rpm
 7a7f23c1fb10f220c3bbcc286ec6844d  corporate/4.0/x86_64/nagios-check_ntp_peer-1.4.11-10.1.20060mlcs4.x86_64.rpm
 fa9c6864f0ce0335c9b001c0b662f4f0  corporate/4.0/x86_64/nagios-check_ntp_time-1.4.11-10.1.20060mlcs4.x86_64.rpm
 4bbc1d05f88ed309d569215321eadf9a  corporate/4.0/x86_64/nagios-check_nwstat-1.4.11-10.1.20060mlcs4.x86_64.rpm
 e3e3a14ce38d2098eb591454c5e43730  corporate/4.0/x86_64/nagios-check_oracle-1.4.11-10.1.20060mlcs4.x86_64.rpm
 94cda04fb03165f21cfe21dbb63abddb  corporate/4.0/x86_64/nagios-check_overcr-1.4.11-10.1.20060mlcs4.x86_64.rpm
 4f97995d07915968c7f89705276691a5  corporate/4.0/x86_64/nagios-check_pcpmetric-1.4.11-10.1.20060mlcs4.x86_64.rpm
 f62c32fa6cf6936329aa8b22a7049c01  corporate/4.0/x86_64/nagios-check_pfstate-1.4.11-10.1.20060mlcs4.x86_64.rpm
 21ef394b64b6006b4dcb6f31d0c36e2b  corporate/4.0/x86_64/nagios-check_pgsql-1.4.11-10.1.20060mlcs4.x86_64.rpm
 34dabfcf9f91afb5b8947e045b292626  corporate/4.0/x86_64/nagios-check_ping-1.4.11-10.1.20060mlcs4.x86_64.rpm
 ea5794cfe2ca0a8be45bb76e15a455b7  corporate/4.0/x86_64/nagios-check_procs-1.4.11-10.1.20060mlcs4.x86_64.rpm
 0e3795daa196577c582fb405310f3afa  corporate/4.0/x86_64/nagios-check_qmailq-1.4.11-10.1.20060mlcs4.x86_64.rpm
 3d4451acf0b81a0ca282df557e529277  corporate/4.0/x86_64/nagios-check_radius-1.4.11-10.1.20060mlcs4.x86_64.rpm
 2d8105bd3d70b70e657884b04108b373  corporate/4.0/x86_64/nagios-check_rbl-1.4.11-10.1.20060mlcs4.x86_64.rpm
 5f331ed17cf46d4f05a1ccdd6de30e71  corporate/4.0/x86_64/nagios-check_real-1.4.11-10.1.20060mlcs4.x86_64.rpm
 5f583744057bfc4d520c4d9f6e746867  corporate/4.0/x86_64/nagios-check_remote_nagios_status-1.4.11-10.1.20060mlcs4.x86_64.rpm
 c109fa2412f16664ab4a35d0d6b7695f  corporate/4.0/x86_64/nagios-check_rpc-1.4.11-10.1.20060mlcs4.x86_64.rpm
 8b41569e995aa7e2c850be8d0efed878  corporate/4.0/x86_64/nagios-check_sendim-1.4.11-10.1.20060mlcs4.x86_64.rpm
 bfa568c423159b6bab942fef3faecaf7  corporate/4.0/x86_64/nagios-check_sensors-1.4.11-10.1.20060mlcs4.x86_64.rpm
 cf2b5170f8e08b915697eb8f38ea9839  corporate/4.0/x86_64/nagios-check_smart-1.4.11-10.1.20060mlcs4.x86_64.rpm
 80aa2f7682a27c493b5ff96c6077b350  corporate/4.0/x86_64/nagios-check_smb-1.4.11-10.1.20060mlcs4.x86_64.rpm
 a1b1c60ff280181579deb5793f2ec3e7  corporate/4.0/x86_64/nagios-check_smtp-1.4.11-10.1.20060mlcs4.x86_64.rpm
 88cc7c4e65b477558810588e5ef46754  corporate/4.0/x86_64/nagios-check_snmp-1.4.11-10.1.20060mlcs4.x86_64.rpm
 f36e101ff70a7d2ec9fa42a1ec21e92e  corporate/4.0/x86_64/nagios-check_snmp_disk_monitor-1.4.11-10.1.20060mlcs4.x86_64.rpm
 450bec4fb1f06ebc8ebb083d8359baaa  corporate/4.0/x86_64/nagios-check_snmp_printer-1.4.11-10.1.20060mlcs4.x86_64.rpm
 687b1e809c7639247380191e33b008cd  corporate/4.0/x86_64/nagios-check_snmp_process_monitor-1.4.11-10.1.20060mlcs4.x86_64.rpm
 5aec7f0acf2433b61501227614eb1703  corporate/4.0/x86_64/nagios-check_snmp_procs-1.4.11-10.1.20060mlcs4.x86_64.rpm
 7c57444c9664c893f2a0b298fd705ba9  corporate/4.0/x86_64/nagios-check_sockets-1.4.11-10.1.20060mlcs4.x86_64.rpm
 f08c103f3ccac6b6d677b185187ad659  corporate/4.0/x86_64/nagios-check_ssh-1.4.11-10.1.20060mlcs4.x86_64.rpm
 c49805b83298c4118ad8dce65f5cb09c  corporate/4.0/x86_64/nagios-check_swap-1.4.11-10.1.20060mlcs4.x86_64.rpm
 2f6ba77a5cb9d6e351aeba6cc674b22c  corporate/4.0/x86_64/nagios-check_tcp-1.4.11-10.1.20060mlcs4.x86_64.rpm
 6c108d993db5189bd21b80def09f008a  corporate/4.0/x86_64/nagios-check_time-1.4.11-10.1.20060mlcs4.x86_64.rpm
 c50a43afccac6d805292f9c68900790e  corporate/4.0/x86_64/nagios-check_timeout-1.4.11-10.1.20060mlcs4.x86_64.rpm
 478060978d97eb281180c085bf53714d  corporate/4.0/x86_64/nagios-check_traceroute-1.4.11-10.1.20060mlcs4.x86_64.rpm
 30ac3c1db57ac8ac7e78125cd2762788  corporate/4.0/x86_64/nagios-check_ups-1.4.11-10.1.20060mlcs4.x86_64.rpm
 cd8ea93619bf77e2bf4fea2387ecdf54  corporate/4.0/x86_64/nagios-check_uptime-1.4.11-10.1.20060mlcs4.x86_64.rpm
 46ef1fe9907813f221853d026bde48f7  corporate/4.0/x86_64/nagios-check_users-1.4.11-10.1.20060mlcs4.x86_64.rpm
 35177089405a05a29f49b732ccb0a454  corporate/4.0/x86_64/nagios-check_wave-1.4.11-10.1.20060mlcs4.x86_64.rpm
 866c614c35061672e96b0813800b0ab6  corporate/4.0/x86_64/nagios-check_wins-1.4.11-10.1.20060mlcs4.x86_64.rpm
 2190fbc383a4d68891e084a77241502b  corporate/4.0/x86_64/nagios-conf-3.0-0.1.20060mlcs4.noarch.rpm
 b3e74d051bdd89f084c6d174d798f6d2  corporate/4.0/x86_64/nagios-devel-3.0-0.1.20060mlcs4.x86_64.rpm
 0a4d73b11467e33d835d8139cb3de9bc  corporate/4.0/x86_64/nagios-imagepaks-1.0-1.1.20060mlcs4.noarch.rpm
 d6663c4cfe4ce2fe17747122dd92b469  corporate/4.0/x86_64/nagios-plugins-1.4.11-10.1.20060mlcs4.x86_64.rpm
 f2411f77278155b5ef0b2f448654dd10  corporate/4.0/x86_64/nagios-theme-default-3.0-0.1.20060mlcs4.x86_64.rpm
 fd9fd6e72753188e06cc6e6ee54d2638  corporate/4.0/x86_64/nagios-theme-nuvola-1.0.3-1.1.20060mlcs4.noarch.rpm
 b4dce253fb97bb0389cedabc2f19b953  corporate/4.0/x86_64/nagios-www-3.0-0.1.20060mlcs4.x86_64.rpm 
 75e87000528206145615c11d18a2ccdf  corporate/4.0/SRPMS/nagios-3.0-0.1.20060mlcs4.src.rpm
 5809bbf04a024063be1a3161ce9faf19  corporate/4.0/SRPMS/nagios-conf-3.0-0.1.20060mlcs4.src.rpm
 a6df9bb70a8ca552518485a3a1de16e5  corporate/4.0/SRPMS/nagios-imagepaks-1.0-1.1.20060mlcs4.src.rpm
 62ad09b53ac1415a6ef99c4e536f38ee  corporate/4.0/SRPMS/nagios-plugins-1.4.11-10.1.20060mlcs4.src.rpm
 9d28f7745b785eff0b85653ef2cf0bdc  corporate/4.0/SRPMS/nagios-theme-nuvola-1.0.3-1.1.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)

iD8DBQFH4AOsmqjQ0CJFipgRAn98AJ9GOC+/R0ys1fazE15GEjyCKj4ZaACfZCRy
FuP5uID9iH/fhLHsShj/yX8=
=3J47
-----END PGP SIGNATURE-----
    


漏洞信息


42951
Nagios Unspecified XSS

Remote / Network Access

Input Manipulation
Loss of Integrity Upgrade
Exploit Public Vendor Verified


漏洞描述


时间线


2008-03-12

Unknow
Unknow 2008-03-12


解决方案

Upgrade to version 2.11 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.


相关参考


漏洞作者

Unknown or Incomplete


漏洞信息

Nagios Prior to 2.11 Unspecified Cross-Site Scripting Vulnerability

Input Validation Error

28250
Yes No
2008-03-12 12:00:00 2009-09-14 06:31:00

The vendor reported this vulnerability.


受影响的程序版本

S.u.S.E. openSUSE 10.3

S.u.S.E. openSUSE 10.2

S.u.S.E. Linux Enterprise Server 10

+

Linux kernel 2.6.5


Nagios Nagios 2.3.1

Nagios Nagios 2.9

Nagios Nagios 2.8

Nagios Nagios 2.7

Nagios Nagios 2.3

Nagios Nagios 2.2

Nagios Nagios 2.10

MandrakeSoft Corporate Server 4.0 x86_64

MandrakeSoft Corporate Server 4.0

Debian Linux 5.0 sparc

Debian Linux 5.0 s/390

Debian Linux 5.0 powerpc

Debian Linux 5.0 mipsel

Debian Linux 5.0 mips

Debian Linux 5.0 m68k

Debian Linux 5.0 ia-64

Debian Linux 5.0 ia-32

Debian Linux 5.0 hppa

Debian Linux 5.0 armel

Debian Linux 5.0 arm

Debian Linux 5.0 amd64

Debian Linux 5.0 alpha

Debian Linux 5.0

Debian Linux 4.0 sparc

Debian Linux 4.0 s/390

Debian Linux 4.0 powerpc

Debian Linux 4.0 mipsel

Debian Linux 4.0 mips

Debian Linux 4.0 m68k

Debian Linux 4.0 ia-64

Debian Linux 4.0 ia-32

Debian Linux 4.0 hppa

Debian Linux 4.0 armel

Debian Linux 4.0 arm

Debian Linux 4.0 amd64

Debian Linux 4.0 alpha

Debian Linux 4.0

Nagios Nagios 2.11


不受影响的程序版本

Nagios Nagios 2.11


漏洞讨论

Nagios is prone to an unspecified cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.



An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.



Versions prior to Nagios 2.11 are vulnerable.


漏洞利用

An attacker can exploit this issue by enticing an unsuspecting user to follow a malicious URI.


解决方案

The vendor has released Nagios 2.11. Please see the vendor references for more information.







Nagios Nagios 2.2



Debian Linux 4.0 arm



Debian Linux 4.0 powerpc



Debian Linux 4.0 m68k



Nagios Nagios 2.3



Debian Linux 4.0 amd64



Debian Linux 4.0 ia-32



Debian Linux 4.0 hppa



Debian Linux 4.0 sparc



Debian Linux 4.0 s/390



Debian Linux 4.0 alpha



Debian Linux 4.0 armel



Nagios Nagios 2.8



Debian Linux 4.0



Nagios Nagios 2.10



Debian Linux 4.0 mipsel



Nagios Nagios 2.9



Debian Linux 4.0 ia-64



Debian Linux 4.0 mips



Nagios Nagios 2.7



Nagios Nagios 2.3.1


相关参考

赞(0) 打赏
转载请附本站链接,未经允许不得转载,,谢谢:微慑信息网-VulSee.com » CVE-2008-1360-漏洞详情

评论 抢沙发

微慑信息网 专注工匠精神

微慑信息网-VulSee.com-关注前沿安全态势,聚合网络安全漏洞信息,分享安全文档案例

访问我们联系我们

觉得文章有用就打赏一下文章作者

非常感谢你的打赏,我们将继续提供更多优质内容,让我们一起创建更加美好的网络世界!

支付宝扫一扫

微信扫一扫

登录

找回密码

注册