[Pkg-nagios-devel] Bug#719056: nagios3 leaks info about install to upstream

Thijs Kinkhorst thijs at debian.org
Fri Jan 3 12:31:32 UTC 2014


> The file html/rss-newsfeed.php in nagios3 (installed into nagios3-cgi)
> use /tmp insecurely by fixed cache dir name:

Actually, besides the tempfile usage, this PHP script exists to query the
Nagios upstream website on any load of the front page of the installation,
which leaks information about machines having Nagios installed. Perhaps
it's better to just remove this functionality.


More information about the Pkg-nagios-devel mailing list