[op5-users] security update for monitor later today
Johannes Dagemark
jd at op5.com
Thu Nov 6 08:50:42 CET 2008
Hey all
Recently a security issue with Nagios was discovered. Andreas has been
working together with a couple of other persons in the Nagios community
to fix this and we will release an updated version of op5 Monitor later
today.
------------snip from the nagios-devel mailing list-------------------
it was a possible Cross Site Request Forgery Attack against the cmd.cgi
which allows an authorized attacker to inject external commands to
nagios. In worst case the attacker might execute any shell code.
I don't want go deeper into this on public readable ressources. I've
tested the possible attack and it was evil enough for me to update as
soon as possible.
------------snip from the nagios-devel mailing list-------------------
More info will be posted later today. It is highly recommended to update
Best regards
--
Johannes Dagemark
VP Engineering
________________________________________
op5 AB
Första Långgatan 19
SE-413 27 Gothenburg
cell: +46 733-70 90 24
fax: +46 31-774 04 32
Email: jd at op5.com
http://www.op5.com/
More information about the op5-users
mailing list