1. Ubuntu Security Notices
  2. USN-1151-1

USN-1151-1: Nagios vulnerabilities

Publication date

15 June 2011

Overview

An attacker could modify or steal data if you were tricked into clicking on a special link to Nagios.

Releases

Packages

  • nagios3 - A host/service/network monitoring and management system

Details

Stefan Schurtz discovered than Nagios did not properly sanitize its input
when processing certain requests, resulting in cross-site scripting (XSS)
vulnerabilities. With cross-site scripting vulnerabilities, if a user were
tricked into viewing server output during a crafted server request, a
remote attacker could exploit this to modify the contents, or steal
confidential data, within the same domain.

Stefan Schurtz discovered than Nagios did not properly sanitize its input
when processing certain requests, resulting in cross-site scripting (XSS)
vulnerabilities. With cross-site scripting vulnerabilities, if a user were
tricked into viewing server output during a crafted server request, a
remote attacker could exploit this to modify the contents, or steal
confidential data, within the same domain.

Update instructions

After a standard system update you need to restart Nagios to make all the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
11.04 natty nagios3-cgi –  3.2.3-1ubuntu1.2
10.10 maverick nagios3-cgi –  3.2.1-2ubuntu1.2
10.04 lucid nagios3-cgi –  3.2.0-4ubuntu2.2

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

References

Have additional questions?

Talk to a member of the team ›