what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Debian Linux Security Advisory 1883-2

Debian Linux Security Advisory 1883-2
Posted Sep 15, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1883-2 - The previous nagios2 update introduced a regression, which caused status.cgi to segfault when used directly without specifying the 'host' variable. This update fixes the problem.

tags | advisory, cgi
systems | linux, debian
advisories | CVE-2007-5624, CVE-2007-5803, CVE-2008-1360
SHA-256 | aea50dbf0f0cc940482bdf833e1a6968c13cf817e8c311dd451e904dd17e6204

Debian Linux Security Advisory 1883-2

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1883-2 security@debian.org
http://www.debian.org/security/ Giuseppe Iuculano
September 14, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : nagios2
Vulnerability : missing input sanitising
Problem type : remote
Debian-specific: no
CVE Ids : CVE-2007-5624 CVE-2007-5803 CVE-2008-1360
Debian Bugs : 448371 482445 485439

The previous nagios2 update introduced a regression, which caused
status.cgi to segfault when used directly without specifying the 'host'
variable. This update fixes the problem. For reference the original
advisory text follows.


Several vulnerabilities have been found in nagios2, ahost/service/network
monitoring and management system. The Common Vulnerabilities and
Exposures project identifies the following problems:


Several cross-site scripting issues via several parameters were
discovered in the CGI scripts, allowing attackers to inject arbitrary
HTML code. In order to cover the different attack vectors, these issues
have been assigned CVE-2007-5624, CVE-2007-5803 and CVE-2008-1360.



For the oldstable distribution (etch), these problems have been fixed in
version 2.6-2+etch5.

The stable distribution (lenny) does not include nagios2 and nagios3 is
not affected by these problems.

The testing distribution (squeeze) and the unstable distribution (sid)
do not contain nagios2 and nagios3 is not affected by these problems.


We recommend that you upgrade your nagios2 packages.


Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------

Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Debian (oldstable)
- ------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

http://security.debian.org/pool/updates/main/n/nagios2/nagios2_2.6-2+etch5.diff.gz
Size/MD5 checksum: 35726 1c9d7955bb59162fa82934ef12c53d73
http://security.debian.org/pool/updates/main/n/nagios2/nagios2_2.6-2+etch5.dsc
Size/MD5 checksum: 948 93eeeb6eb5ba0d7d3d5c659f9cc762e4
http://security.debian.org/pool/updates/main/n/nagios2/nagios2_2.6.orig.tar.gz
Size/MD5 checksum: 1734400 a032edba07bf389b803ce817e9406c02

Architecture independent packages:

http://security.debian.org/pool/updates/main/n/nagios2/nagios2-common_2.6-2+etch5_all.deb
Size/MD5 checksum: 59516 8edae60c2b64183afbd5b5c5c79df649
http://security.debian.org/pool/updates/main/n/nagios2/nagios2-doc_2.6-2+etch5_all.deb
Size/MD5 checksum: 1150060 c5b23e507b405aed13e6148381a5161f

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/n/nagios2/nagios2_2.6-2+etch5_alpha.deb
Size/MD5 checksum: 1222220 33fac2a26d60b48a2e3d6cc03ef161f2
http://security.debian.org/pool/updates/main/n/nagios2/nagios2-dbg_2.6-2+etch5_alpha.deb
Size/MD5 checksum: 1703082 685386628adefdea4ef139d8d073be57

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/n/nagios2/nagios2-dbg_2.6-2+etch5_amd64.deb
Size/MD5 checksum: 1688192 fdc3c934dc4e0afa728d9789fc1071aa
http://security.debian.org/pool/updates/main/n/nagios2/nagios2_2.6-2+etch5_amd64.deb
Size/MD5 checksum: 1098470 c08807062733811fa047eb15d9727c82

arm architecture (ARM)

http://security.debian.org/pool/updates/main/n/nagios2/nagios2_2.6-2+etch5_arm.deb
Size/MD5 checksum: 1025042 a9d7fa95c7eac54287a2e73478ea3ba6
http://security.debian.org/pool/updates/main/n/nagios2/nagios2-dbg_2.6-2+etch5_arm.deb
Size/MD5 checksum: 1537944 59b06b0f6ae1061d01a7f1a7b85fb4b4

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/n/nagios2/nagios2-dbg_2.6-2+etch5_hppa.deb
Size/MD5 checksum: 1621998 07cca557bc05cb0f4845f05c0d2b9311
http://security.debian.org/pool/updates/main/n/nagios2/nagios2_2.6-2+etch5_hppa.deb
Size/MD5 checksum: 1148900 d5b10578c95a21ce66ff11cc5a870047

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/n/nagios2/nagios2-dbg_2.6-2+etch5_i386.deb
Size/MD5 checksum: 1587914 84dcc6957ce50c2b6e7ff243d21b5e8d
http://security.debian.org/pool/updates/main/n/nagios2/nagios2_2.6-2+etch5_i386.deb
Size/MD5 checksum: 1017162 d57c40f4621e185fee5fe0bbd814b7d5

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/n/nagios2/nagios2_2.6-2+etch5_ia64.deb
Size/MD5 checksum: 1623636 7abc0f025330c87d2c7a9b4bf3252d16
http://security.debian.org/pool/updates/main/n/nagios2/nagios2-dbg_2.6-2+etch5_ia64.deb
Size/MD5 checksum: 1711368 59bd21369a4a978d1509fe15f7b59349

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/n/nagios2/nagios2-dbg_2.6-2+etch5_mipsel.deb
Size/MD5 checksum: 1663800 7fae1ba19b03ab963b9a4dfa2055cfc5
http://security.debian.org/pool/updates/main/n/nagios2/nagios2_2.6-2+etch5_mipsel.deb
Size/MD5 checksum: 1104990 2536c8ff0b839a7028fc605b2f2faab8

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/n/nagios2/nagios2-dbg_2.6-2+etch5_powerpc.deb
Size/MD5 checksum: 1667892 06826d82ff58171d82bdee8c3eb32b61
http://security.debian.org/pool/updates/main/n/nagios2/nagios2_2.6-2+etch5_powerpc.deb
Size/MD5 checksum: 1088416 0552ad5628f45dd8a0e69d0f126a40b1

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/n/nagios2/nagios2-dbg_2.6-2+etch5_sparc.deb
Size/MD5 checksum: 1485348 46f02971253b25e3e9622bc95863d022
http://security.debian.org/pool/updates/main/n/nagios2/nagios2_2.6-2+etch5_sparc.deb
Size/MD5 checksum: 988288 d289d9b68334c7c5a1486771136cac4c


These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkquV9MACgkQ62zWxYk/rQeIDACfQYbt5mrdv8WsxrF9XedJoFuk
pRIAnjQKB2pY0CtUeUQBLt+njobuqbJJ
=IyDf
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close