 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.64866 |
| Category: | Debian Local Security Checks |
| Title: | Debian: Security Advisory (DSA-1883-1) |
| Summary: | The remote host is missing an update for the Debian 'nagios2' package(s) announced via the DSA-1883-1 advisory.;; This VT has been deprecated and merged into the VT 'deb_1883.nasl' (OID: 1.3.6.1.4.1.25623.1.0.64866). |
| Description: | Summary: The remote host is missing an update for the Debian 'nagios2' package(s) announced via the DSA-1883-1 advisory. This VT has been deprecated and merged into the VT 'deb_1883.nasl' (OID: 1.3.6.1.4.1.25623.1.0.64866). Vulnerability Insight: Several vulnerabilities have been found in nagios2, a host/service/network monitoring and management system. The Common Vulnerabilities and Exposures project identifies the following problems: Several cross-site scripting issues via several parameters were discovered in the CGI scripts, allowing attackers to inject arbitrary HTML code. In order to cover the different attack vectors, these issues have been assigned CVE-2007-5624, CVE-2007-5803 and CVE-2008-1360. For the oldstable distribution (etch), these problems have been fixed in version 2.6-2+etch4. The stable distribution (lenny) does not include nagios2, and nagios3 is not affected by these problems. The testing distribution (squeeze) and the unstable distribution (sid) do not contain nagios2, and nagios3 is not affected by these problems. We recommend that you upgrade your nagios2 packages. Affected Software/OS: 'nagios2' package(s) on Debian 4. Solution: Please install the updated package(s). CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2007-5624 BugTraq ID: 26152 http://www.securityfocus.com/bid/26152 https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00125.html https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00161.html http://www.mandriva.com/security/advisories?name=MDVSA-2008:067 https://bugzilla.redhat.com/show_bug.cgi?id=362791 https://bugzilla.redhat.com/show_bug.cgi?id=362801 http://secunia.com/advisories/27316 http://secunia.com/advisories/27980 SuSE Security Announcement: SUSE-SR:2008:011 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html http://www.vupen.com/english/advisories/2007/3567 XForce ISS Database: nagios-cgi-xss(37350) https://exchange.xforce.ibmcloud.com/vulnerabilities/37350 Common Vulnerability Exposure (CVE) ID: CVE-2007-5803 BugTraq ID: 29140 http://www.securityfocus.com/bid/29140 http://secunia.com/advisories/30202 http://secunia.com/advisories/30283 http://www.vupen.com/english/advisories/2008/1567/references XForce ISS Database: nagios-cgi-unspecified-xss(42522) https://exchange.xforce.ibmcloud.com/vulnerabilities/42522 Common Vulnerability Exposure (CVE) ID: CVE-2008-1360 BugTraq ID: 28250 http://www.securityfocus.com/bid/28250 http://secunia.com/advisories/29363 http://www.vupen.com/english/advisories/2008/0900/references XForce ISS Database: nagios-unspecified-xss(41210) https://exchange.xforce.ibmcloud.com/vulnerabilities/41210 |
| Copyright | Copyright (C) 2009 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |