A new Nagios version was released recently with the following entry in the changelog:

Fix for a potential cross site scripting vulnerability in the CGIs

Common Vulnerabilities and Exposures assigned an identifier CVE-2007-5624 to this vulnerability:

Cross-site scripting (XSS) vulnerability in Nagios 2.x before 2.10 allows remote attackers to inject arbitrary web script or HTML via unknown vectors to unspecified CGI scripts.

References:
http://www.nagios.org/development/changelog.php#2x_branch
http://secunia.com/advisories/27316
Mike: Please make the updates. Is there anything that prevents you from doing so? Do you need any help?
This issue was addressed in:

Fedora:
https://admin.fedoraproject.org/updates/F7/FEDORA-2007-4123
https://admin.fedoraproject.org/updates/F8/FEDORA-2007-4145
Created attachment 305352
SuSE patch

This fix is present in upstream version 2.10. (Extracted from SuSE nagios-2.9-48.4.src.rpm)