Debian 4.0: DSA-1883-1 Critical: nagios2 Cross-Site Scripting
debian
September 10, 2009
Several vulnerabilities have been found in nagios2, ahost/service/network monitoring and management system
Summary
Several cross-site scripting issues via several parameters were
discovered in the CGI scripts, allowing attackers to inject arbitrary
HTML code. In order to cover the different attack vectors, these issues
have been assigned CVE-2007-5624, CVE-2007-5803 and CVE-2008-1360.
For the oldstable distribution (etch), these problems have been fixed in
version 2.6-2+etch4.
The stable distribution (lenny) does not include nagios2 and nagios3 is
not affected by these problems.
The testing distribution (squeeze) and the unstable distribution (sid)
do not contain nagios2 and nagios3 is not affected by these problems.
We recommend that you upgrade your nagios2 packages.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
Yo...
PREVIOUS 
NEXT Severity
critical
Lowest
Low
Medium
High
Critical
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!