Common Vulnerabilities and Exposures assigned an identifier CVE-2008-5027 to the following vulnerability:

The Nagios process in (1) Nagios before 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote authenticated users to bypass authorization checks, and trigger execution of arbitrary programs by this process, via an (a) custom form or a (b) browser addon.

References:
http://sourceforge.net/mailarchive/forum.php?thread_name=4914396D.5010009%40op5.se&forum_name=nagios-devel
http://www.openwall.com/lists/oss-security/2008/11/06/2
http://www.nagios.org/development/history/nagios-3x.php
http://www.op5.com/support/news/389-important-security-fix-available-for-op5-monitor
http://www.securityfocus.com/bid/32156

nagios-3.0.5-1.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.

Created attachment 336393
Ubuntu patch to fix CVE-2008-5027

Ubuntu has released an update to Nagios 2.11 and I am attaching the two patches used to fix this issue.
http://www.ubuntu.com/usn/USN-698-3