CVE-2008-5027

Nagios < 3.0.5 - Authenticated Arbitrary Program Execution via Custom Form or Browser Addon

Title source: llm
STIX 2.1

Description

The Nagios process in (1) Nagios before 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote authenticated users to bypass authorization checks, and trigger execution of arbitrary programs by this process, via an (a) custom form or a (b) browser addon.

References (15)

Core 15
Core References
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/3364
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200907-15.xml
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/33320
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2008/11/06/2
Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/32156
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1022165
Vendor Advisory vendor-advisory x_refsource_ubuntu
https://www.ubuntu.com/usn/USN-698-3/
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/3029
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=124156641928637&w=2
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1256
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-698-1
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35002

Scores

EPSS 0.0071
EPSS Percentile 72.4%

Details

CWE
CWE-264
Status published
Products (36)
nagios/nagios 1.0
nagios/nagios 1.0_b1
nagios/nagios 1.0_b2
nagios/nagios 1.0_b3
nagios/nagios 1.0b1
nagios/nagios 1.0b2
nagios/nagios 1.0b3
nagios/nagios 1.0b4
nagios/nagios 1.0b5
nagios/nagios 1.0b6
... and 26 more
Published Nov 10, 2008
Tracked Since Feb 18, 2026