Two vulnerabilities in the nagios software package for the Fedora 15 and 16 operating systems have been fixed. A remote attacker could have exploited these flaws to execute arbitrary script and HTML code.
Package:
nagios 3.x
Operating systems:
Fedora 15, Fedora 16
Severity:
4.1
Problem:
XSS
Exploitation:
remote
Impact:
HTML and script code injection
Solution:
vendor patch
CVE:
CVE-2011-1523, CVE-2011-2179
Original advisory ID:
FEDORA-2012-1583
Source:
Fedora
Problem:
The security issues result from multiple XSS (cross-site scripting) vulnerabilities in the files "statusmap.c" and "config.c".
Impact:
A successful attack results in HTML and script code injection via specially crafted parameters.
Solution:
All users of the nagios software package are advised to use its latest version.
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-1583
2012-02-12 22:10:32
--------------------------------------------------------------------------------
Name : nagios
Product : Fedora 15
Version : 3.3.1
Release : 3.fc15
URL : http://www.nagios.org/
Summary : Nagios monitors hosts and services and yells if somethings breaks
Description :
Nagios is a program that will monitor hosts and services on your
network. It has the ability to send email or page alerts when a
problem arises and when a problem is resolved. Nagios is written
in C and is designed to run under Linux (and some other *NIX
variants) as a background process, intermittently running checks
on various services that you specify.
The actual service checks are performed by separate "plugin" programs
which return the status of the checks to Nagios. The plugins are
available at http://sourceforge.net/projects/nagiosplug.
This package provides the core program, web interface, and documentation
files for Nagios. Development files are built as a separate package.
--------------------------------------------------------------------------------
Update Information:
Move the nagios-common's usermod line to the main nagios package
Add php to the requirements list
Update to version 3.3.1.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 10 2012 Jose Pedro Oliveira <jpo at di.uminho.pt> - 3.3.1-3
- Move the nagios-common's usermod line to the main nagios package (#627527).
* Fri Feb 10 2012 Jose Pedro Oliveira <jpo at di.uminho.pt> - 3.3.1-2
- Add php to the requirements list (#519371, et al.).
* Tue Feb 7 2012 Jose Pedro Oliveira <jpo at di.uminho.pt> - 3.3.1-1
- Upgrade to 3.3.1 (#732329);
includes fixes for CVE-2011-1523 and CVE-2011-2179 (#690880, #690881,
#709874).
- Make nagios-common own the /usr/lib{,64}/nagios/plugins directories (#756839).
- Change the ownership of /etc/nagios to the nagios-common package (#756839).
- Retab (tabs -> spaces).
* Fri Jan 13 2012 Fedora Release Engineering - 3.2.3-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Tue Dec 6 2011 Adam Jackson - 3.2.3-12
- Rebuild for new libpng
* Tue Jun 21 2011 Marcela MaĹÄ