Gentoo Linux Security Advisory GLSA 200907-15 - Multiple vulnerabilities in Nagios may lead to the execution of arbitrary code. Versions less than 3.0.6-r2 are affected.
15854a35770c10a91cb609a48f4a7774e8d4d6d67c4cbc672de3009f5242e9cb
HP Security Bulletin - Potential security vulnerabilities have been identified with Insight Control suite for Linux (ICE-LX) running Nagios. The vulnerabilities could be remotely exploited via cross-site request forgery (CSRF) and remote authentication bypass.
705ec91f5f467524c9fce9e62505f8c8bf65546431a3dd799716c3c4b2975f50
Ubuntu Security Notice USN-698-3 - It was discovered that Nagios was vulnerable to a Cross-site request forgery (CSRF) vulnerability. If an authenticated nagios user were tricked into clicking a link on a specially crafted web page, an attacker could trigger commands to be processed by Nagios and execute arbitrary programs. This update alters Nagios behaviour by disabling submission of CMD_CHANGE commands. It was discovered that Nagios did not properly parse commands submitted using the web interface. An authenticated user could use a custom form or a browser addon to bypass security restrictions and submit unauthorized commands.
4130a0a5287319a13ee95d2404c6c96183d3992fe351e772736db192651c5d89
Ubuntu Security Notice USN-698-2 - It was discovered that Nagios was vulnerable to a Cross-site request forgery (CSRF) vulnerability. If an authenticated nagios user were tricked into clicking a link on a specially crafted web page, an attacker could trigger commands to be processed by Nagios and execute arbitrary programs. This update alters Nagios behaviour by disabling submission of CMD_CHANGE commands. It was discovered that Nagios did not properly parse commands submitted using the web interface. An authenticated user could use a custom form or a browser addon to bypass security restrictions and submit unauthorized commands.
4e244374ea539938e1f6f7982c0d57401709ea018fc2a14023fe9f1283920975
Ubuntu Security Notice USN-698-1 - It was discovered that Nagios did not properly parse commands submitted using the web interface. An authenticated user could use a custom form or a browser addon to bypass security restrictions and submit unauthorized commands.
d9dfe7061cd9c715a0607cd9560ce84412a88d2dbe4f4a431ec91723cd520c8c