Red Hat Bugzilla – Bug 470840
CVE-2008-5027 nagios: authorization bypass via custom form or browser addon
Last modified: 2012-03-27 04:44:33 EDT
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-5027 to the following vulnerability:
The Nagios process in (1) Nagios before 3.0.5 and (2) op5 Monitor
before 4.0.1 allows remote authenticated users to bypass authorization
checks, and trigger execution of arbitrary programs by this process,
via an (a) custom form or a (b) browser addon.
nagios-3.0.5-1.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
Created attachment 336393
Ubuntu patch to fix CVE-2008-5027
Ubuntu has released an update to Nagios 2.11 and I am attaching the two patches used to fix this issue.