[Secure-testing-commits] r10364 - data/CVE
nion at alioth.debian.org
nion at alioth.debian.org
Tue Nov 11 12:41:30 UTC 2008
Author: nion
Date: 2008-11-11 12:41:29 +0000 (Tue, 11 Nov 2008)
New Revision: 10364
Modified:
data/CVE/list
Log:
nagios cveified
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-11-11 12:34:22 UTC (rev 10363)
+++ data/CVE/list 2008-11-11 12:41:29 UTC (rev 10364)
@@ -101,12 +101,14 @@
NOT-FOR-US: eXPert PDF Viewer X ActiveX
CVE-2008-4918 (Cross-site scripting (XSS) vulnerability in SonicWALL SonicOS Enhanced ...)
NOT-FOR-US: SonicOS Enhanced
-CVE-2008-XXXX [CSRF in nagios]
+CVE-2008-5027 [command injection in nagios]
+ - nagios3 <unfixed> (unimportant)
+ NOTE: the nagios process shouldnt have rights to execute important commands and non-trusted
+ NOTE: users shouldn't have access to nagios anyway
+CVE-2008-5028 [CSRF in nagios]
- nagios3 <unfixed> (low; bug #504894)
[etch] - nagios2 <no-dsa> (CSRF can only cause DoS and needs admin's browser)
- NOTE: http://secunia.com/Advisories/32543/
TODO: check nagios2
- NOTE: this is SA32610,
CVE-2008-4917
RESERVED
CVE-2008-4916
More information about the Secure-testing-commits
mailing list