nion at alioth.debian.org
2008-Nov-11 12:41 UTC
[Secure-testing-commits] r10364 - data/CVE
Author: nion Date: 2008-11-11 12:41:29 +0000 (Tue, 11 Nov 2008) New Revision: 10364 Modified: data/CVE/list Log: nagios cveified Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-11-11 12:34:22 UTC (rev 10363) +++ data/CVE/list 2008-11-11 12:41:29 UTC (rev 10364) @@ -101,12 +101,14 @@ NOT-FOR-US: eXPert PDF Viewer X ActiveX CVE-2008-4918 (Cross-site scripting (XSS) vulnerability in SonicWALL SonicOS Enhanced ...) NOT-FOR-US: SonicOS Enhanced -CVE-2008-XXXX [CSRF in nagios] +CVE-2008-5027 [command injection in nagios] + - nagios3 <unfixed> (unimportant) + NOTE: the nagios process shouldnt have rights to execute important commands and non-trusted + NOTE: users shouldn''t have access to nagios anyway +CVE-2008-5028 [CSRF in nagios] - nagios3 <unfixed> (low; bug #504894) [etch] - nagios2 <no-dsa> (CSRF can only cause DoS and needs admin''s browser) - NOTE: http://secunia.com/Advisories/32543/ TODO: check nagios2 - NOTE: this is SA32610, CVE-2008-4917 RESERVED CVE-2008-4916
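Review bot: The new CVE-2008-5027 entry rates nagios3 as (unimportant) on the strength of two NOTE lines about deployment assumptions only, with no bug number or advisory reference, and it lists no nagios2 status, while the existing "TODO: check nagios2" stays under the CSRF entry. Suggest adding a reference for the command injection and either an [etch] nagios2 line or a TODO of its own, so the triage decision can be re-checked later. As far as the flattened hunk can be read, the two NOTE lines that pointed at the Secunia advisories (Advisories/32543 and SA32610) are removed from what is now CVE-2008-5028 without a replacement; if they still apply, keep each under the entry it describes. Minor: "shouldnt" in the first added NOTE is missing its apostrophe.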