Vulnerability Details CVE-2008-5027
The Nagios process in (1) Nagios before 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote authenticated users to bypass authorization checks, and trigger execution of arbitrary programs by this process, via an (a) custom form or a (b) browser addon.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 71.0%
CVSS Severity
CVSS v2 Score 6.5
References
- http://marc.info/?l=bugtraq&m=124156641928637&w=2
- http://marc.info/?l=bugtraq&m=124156641928637&w=2
- http://secunia.com/advisories/33320
- http://secunia.com/advisories/35002
- http://security.gentoo.org/glsa/glsa-200907-15.xml
- http://sourceforge.net/mailarchive/forum.php?thread_name=4914396D.5010009%40op5.se&forum_name=nagios-devel
- http://www.nagios.org/development/history/nagios-3x.php
- http://www.op5.com/support/news/389-important-security-fix-available-for-op5-monitor
- http://www.openwall.com/lists/oss-security/2008/11/06/2
- http://www.securityfocus.com/bid/32156
- http://www.securitytracker.com/id?1022165
- http://www.ubuntu.com/usn/USN-698-1
- http://www.vupen.com/english/advisories/2008/3029
- http://www.vupen.com/english/advisories/2008/3364
- http://www.vupen.com/english/advisories/2009/1256
- https://www.ubuntu.com/usn/USN-698-3/
- http://marc.info/?l=bugtraq&m=124156641928637&w=2
- http://marc.info/?l=bugtraq&m=124156641928637&w=2
- http://secunia.com/advisories/33320
- http://secunia.com/advisories/35002
- http://security.gentoo.org/glsa/glsa-200907-15.xml
- http://sourceforge.net/mailarchive/forum.php?thread_name=4914396D.5010009%40op5.se&forum_name=nagios-devel
- http://www.nagios.org/development/history/nagios-3x.php
- http://www.op5.com/support/news/389-important-security-fix-available-for-op5-monitor
- http://www.openwall.com/lists/oss-security/2008/11/06/2
- http://www.securityfocus.com/bid/32156
- http://www.securitytracker.com/id?1022165
- http://www.ubuntu.com/usn/USN-698-1
- http://www.vupen.com/english/advisories/2008/3029
- http://www.vupen.com/english/advisories/2008/3364
- http://www.vupen.com/english/advisories/2009/1256
- https://www.ubuntu.com/usn/USN-698-3/
Products affected by CVE-2008-5027
-
cpe:2.3:a:nagios:nagios:1.0
-
cpe:2.3:a:nagios:nagios:1.0_b1
-
cpe:2.3:a:nagios:nagios:1.0_b2
-
cpe:2.3:a:nagios:nagios:1.0_b3
-
cpe:2.3:a:nagios:nagios:1.0b1
-
cpe:2.3:a:nagios:nagios:1.0b2
-
cpe:2.3:a:nagios:nagios:1.0b3
-
cpe:2.3:a:nagios:nagios:1.0b4
-
cpe:2.3:a:nagios:nagios:1.0b5
-
cpe:2.3:a:nagios:nagios:1.0b6
-
cpe:2.3:a:nagios:nagios:1.1
-
cpe:2.3:a:nagios:nagios:1.2
-
cpe:2.3:a:nagios:nagios:1.3
-
cpe:2.3:a:nagios:nagios:1.4
-
cpe:2.3:a:nagios:nagios:1.4.1
-
cpe:2.3:a:nagios:nagios:2.0
-
cpe:2.3:a:nagios:nagios:2.0.1
-
cpe:2.3:a:nagios:nagios:2.0b1
-
cpe:2.3:a:nagios:nagios:2.0b2
-
cpe:2.3:a:nagios:nagios:2.0b3
-
cpe:2.3:a:nagios:nagios:2.0b4
-
cpe:2.3:a:nagios:nagios:2.0b5
-
cpe:2.3:a:nagios:nagios:2.0b6
-
cpe:2.3:a:nagios:nagios:2.0rc1
-
cpe:2.3:a:nagios:nagios:2.0rc2
-
cpe:2.3:a:nagios:nagios:2.1
-
cpe:2.3:a:nagios:nagios:2.1.3
-
cpe:2.3:a:nagios:nagios:2.10
-
cpe:2.3:a:nagios:nagios:2.11
-
cpe:2.3:a:nagios:nagios:2.2
-
cpe:2.3:a:nagios:nagios:2.3
-
cpe:2.3:a:nagios:nagios:2.3.1
-
cpe:2.3:a:nagios:nagios:2.4
-
cpe:2.3:a:nagios:nagios:2.5
-
cpe:2.3:a:nagios:nagios:2.7
-
cpe:2.3:a:nagios:nagios:2.8
-
cpe:2.3:a:nagios:nagios:2.9
-
cpe:2.3:a:nagios:nagios:3.0
-
cpe:2.3:a:nagios:nagios:3.0.1
-
cpe:2.3:a:nagios:nagios:3.0.2
-
cpe:2.3:a:nagios:nagios:3.0.3
-
cpe:2.3:a:nagios:nagios:3.0.4
-
cpe:2.3:a:op5:monitor:-
-
cpe:2.3:a:op5:monitor:2.4
-
cpe:2.3:a:op5:monitor:2.6
-
cpe:2.3:a:op5:monitor:2.8
-
cpe:2.3:a:op5:monitor:3.0
-
cpe:2.3:a:op5:monitor:3.0.0
-
cpe:2.3:a:op5:monitor:3.2
-
cpe:2.3:a:op5:monitor:3.2.4
-
cpe:2.3:a:op5:monitor:3.3.1
-
cpe:2.3:a:op5:monitor:3.3.2
-
cpe:2.3:a:op5:monitor:3.3.3