LinuxSecurity.com
Ubuntu: Nagios vulnerability
Posted by Benjamin D. Thomas   
It was discovered that Nagios did not properly parse certain commands submitted using the WAP web interface. An authenticated user could exploit this flaw and execute arbitrary programs on the server.
===========================================================
Ubuntu Security Notice USN-795-1              July 02, 2009
nagios2, nagios3 vulnerability
CVE-2009-2288
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
  nagios2                         2.11-1ubuntu1.5

Ubuntu 8.10:
  nagios3                         3.0.2-1ubuntu1.2

Ubuntu 9.04:
  nagios3                         3.0.6-2ubuntu1.1

After a standard system upgrade you need to restart Nagios to effect
the necessary changes.

Details follow:

It was discovered that Nagios did not properly parse certain commands
submitted using the WAP web interface. An authenticated user could exploit
this flaw and execute arbitrary programs on the server.


Updated packages for Ubuntu 8.04 LTS:

Updated packages for Ubuntu 8.10:

Updated packages for Ubuntu 9.04:




 