drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Zwei Probleme in Nagios
Name: |
Zwei Probleme in Nagios |
|
ID: |
USN-1151-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 10.04 LTS, Ubuntu 10.10, Ubuntu 11.04 |
|
Datum: |
Mi, 15. Juni 2011, 22:35 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1523
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2179 |
|
Applikationen: |
Nagios |
|
Originalnachricht |
--===============0210054078266957224== Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-dXvStTZ/7bL3+87g+SVi"
--=-dXvStTZ/7bL3+87g+SVi Content-Type: text/plain; charset="UTF-8 Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-1151-1 June 15, 2011
nagios3 vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.04 - Ubuntu 10.10 - Ubuntu 10.04 LTS
Summary:
An attacker could modify or steal data if you were tricked into clicking on a special link to Nagios.
Software Description: - nagios3: A host/service/network monitoring and management system
Details:
Stefan Schurtz discovered than Nagios did not properly sanitize its input when processing certain requests, resulting in cross-site scripting (XSS) vulnerabilities. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 11.04: nagios3-cgi 3.2.3-1ubuntu1.2
Ubuntu 10.10: nagios3-cgi 3.2.1-2ubuntu1.2
Ubuntu 10.04 LTS: nagios3-cgi 3.2.0-4ubuntu2.2
After a standard system update you need to restart Nagios to make all the necessary changes.
References: CVE-2011-1523, CVE-2011-2179
Package Information: https://launchpad.net/ubuntu/+source/nagios3/3.2.3-1ubuntu1.2 https://launchpad.net/ubuntu/+source/nagios3/3.2.1-2ubuntu1.2 https://launchpad.net/ubuntu/+source/nagios3/3.2.0-4ubuntu2.2
--ÝXvStTZ/7bL3+87g+SVi Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAABCgAGBQJN+Pr4AAoJEGVp2FWnRL6TsJUQAKk3WrDx3phzswdVN4Q5JAGS SHNk15kzwrdRFu6wdh8grHjn2Me56TDTEXhxOAfV0nLw2Wp+yu0dlzazUo0ooae6 aRDXyjCpx3KOey/WDxaXK3JcHJBq8OXEiiRpWOS4tCZaUkquHbvYuvMInZ1LAuOx KonTtTZ/qgwsQbQOY8a4S33BynzowWJg9LcTO0Zea3p5FdND40eRXKGOyDcisfcx 9xoTJDjPBl3WDAHEodHJdDWd7EEsEbT/KMbmfo2R71vuSs6DUzclj2kUy90QcNcc NXBUokJNh5TMGw6stZ7AJi4Xeqv27NTrb3aogR5zSAqVch8qoouQU59L/s2Td+QK cQJgwpq2vRTbJlmK2dIP378XhicvGs/dlzsS6qkkJ/n8VKb8DFAZSFY405CgxQPv LdAFvxpFQnPlduTlgRBaAtlpuGoXxLZV+8DPk6qkJ3nsvZxTaOGc/73Pc9wJNzh7 7lQ+Ksxh5xqYyxUZL6Vz8+sMJaQG1TfIdvQl736YpkPELNi14C1E77M07Zgm7RUR oxdqYjrzTY44AgezTDahrpmTyIK7cHIFdIpSgkXTvbtxwQfTfy4q5KwVN6okd0iS LQRoei2v8np4inAYuwFR3GI1Z+0CSmbo1ood3kqIeNZfM6ML8ASDbUIkh3RJ5g+O 2iX9FahQQMt/HIAAucOE =pqw2 -----END PGP SIGNATURE-----
--=-dXvStTZ/7bL3+87g+SVi--
--===============0210054078266957224== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============0210054078266957224==--
|
|
|
|