Remote Authentication Bypass in Nagios and op5 Monitor
CVE-2008-5027

Currently unrated

Key Information:

Vendor: Nagios
Status: Nagios; Monitor
Vendor: CVE Published:; 10 November 2008

What is CVE-2008-5027?

The Nagios application, as well as the op5 Monitor, exhibit a vulnerability that allows remote authenticated users to bypass authorization checks. This can be exploited via a custom form or a browser addon, enabling attackers to trigger the execution of arbitrary programs within the Nagios process. Versions prior to Nagios 3.0.5 and op5 Monitor 4.0.1 are particularly susceptible, exposing systems to significant security risks.

References

http://sourceforge.net/mailarchive/forum.php?thread_name=...

mailing-listx_refsource_MLIST

http://www.vupen.com/english/advisories/2008/3364

vdb-entryx_refsource_VUPEN

http://security.gentoo.org/glsa/glsa-200907-15.xml

vendor-advisoryx_refsource_GENTOO

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 10, 2008
Vulnerability Reserved
Nov 10, 2008