Common Vulnerabilities and Exposures assigned an identifier to the following vulnerability: Name: CVE-2008-6373 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6373 Assigned: 20090302 Reference: CONFIRM: http://www.nagios.org/development/history/nagios-3x.php Reference: CONFIRM: http://www.nagios.org/news/#88 Reference: BID:32611 Reference: URL: http://www.securityfocus.com/bid/32611 Reference: SECUNIA:32909 Reference: URL: http://secunia.com/advisories/32909 Unspecified vulnerability in Nagios before 3.0.6 has unspecified impact and remote attack vectors related to CGI programs, "adaptive external commands," and "writing newlines and submitting service comments." Additional resources: http://bugs.gentoo.org/show_bug.cgi?id=249876 http://sourceforge.net/mailarchive/forum.php?thread_name=E1L6mat-0001sb-RN%40fdv4jf1.ch3.sourceforge.com&forum_name=nagios-checkins And a thread the discusses this issue: http://www.openwall.com/lists/oss-security/2008/12/17/10
Fedora 10 should be updated to 3.0.6 to correct this issue (3.0.6 is currently in testing). For Fedora 9 and HPC which provide Nagios 2.x, this is a non-issue as this is due to an incomplete fix for CVE-2008-5028 and should therefore only affect Nagios 3.0.5 (so only affecting Fedora 10).
Sorry, this one refers to an incomplete CVE-2008-5027 fix, not -5028 (but again only affects Nagios 3.0.5).