Launchpad CVE tracker

CVE 2008-5028

Cross-site request forgery (CSRF) vulnerability in cmd.cgi in (1) Nagios 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote attackers to send commands to the Nagios process, and trigger execution of arbitrary programs by this process, via unspecified HTTP requests.

Related bugs and status

CVE-2008-5028 (Candidate) is related to these bugs:

Bug #301542: Bypass auth checks in Nagios (CVE-2008-5027, CVE-2008-5028)

Summary				In	Importance	Status
	301542	Bypass auth checks in Nagios (CVE-2008-5027, CVE-2008-5028)		nagios3 (Ubuntu)	Undecided	Fix Released

Bug #308434: Please merge nagios3_3.0.6-1ubuntu1 from debian unstable

Summary				In	Importance	Status
	308434	Please merge nagios3_3.0.6-1ubuntu1 from debian unstable		nagios3 (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2008110...
CONFIRM: http://git.op5.org/git...
CONFIRM: http://www.op5.com/sup...
SECUNIA: 32610
SECUNIA: 33320
VUPEN: ADV-2008-3029
SECUNIA: 35002
VUPEN: ADV-2009-1256
SECTRACK: 1022165
GENTOO: GLSA-200907-15
SECUNIA: 32630
OSVDB: 49678
UBUNTU: USN-698-3
MLIST: [nagios-devel] 2008110...
HP: HPSBMA02419
HP: SSRT090060
XF: nagios-cmd-csrf(46426)
XF: op5monitor-unspecified...

Launchpad.net

CVE 2008-5028

Related bugs and status

Related bugs

References