Test ID:	1.3.6.1.4.1.25623.1.0.840682
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-1151-1)
Summary:	The remote host is missing an update for the 'nagios3' package(s) announced via the USN-1151-1 advisory.
Description:	Summary: The remote host is missing an update for the 'nagios3' package(s) announced via the USN-1151-1 advisory. Vulnerability Insight: Stefan Schurtz discovered than Nagios did not properly sanitize its input when processing certain requests, resulting in cross-site scripting (XSS) vulnerabilities. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain. Affected Software/OS: 'nagios3' package(s) on Ubuntu 10.04, Ubuntu 10.10, Ubuntu 11.04. Solution: Please install the updated package(s). CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-1523 http://tracker.nagios.org/view.php?id=207 http://www.rul3z.de/advisories/SSCHADV2011-002.txt http://openwall.com/lists/oss-security/2011/03/25/3 http://openwall.com/lists/oss-security/2011/03/28/4 http://secunia.com/advisories/43287 http://secunia.com/advisories/44974 http://securityreason.com/securityalert/8241 http://www.ubuntu.com/usn/USN-1151-1 Common Vulnerability Exposure (CVE) ID: CVE-2011-2179 20110601 Cross-Site Scripting vulnerability in Icinga http://archives.neohapsis.com/archives/bugtraq/2011-06/0017.html 20110601 Cross-Site Scripting vulnerability in Nagios http://archives.neohapsis.com/archives/bugtraq/2011-06/0018.html 44974 48087 http://www.securityfocus.com/bid/48087 8274 http://securityreason.com/securityalert/8274 USN-1151-1 [oss-security] 20110601 CVE request: XSS in nagios http://www.openwall.com/lists/oss-security/2011/06/01/10 [oss-security] 20110602 Re: CVE request: XSS in nagios http://www.openwall.com/lists/oss-security/2011/06/02/6 http://tracker.nagios.org/view.php?id=224 http://www.rul3z.de/advisories/SSCHADV2011-005.txt http://www.rul3z.de/advisories/SSCHADV2011-006.txt https://bugzilla.redhat.com/show_bug.cgi?id=709871 https://dev.icinga.org/issues/1605 icinga-expand-xss(67797) https://exchange.xforce.ibmcloud.com/vulnerabilities/67797
Copyright	Copyright (C) 2011 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.