Ispravljen je sigurnosni propust otkriven u radu programskog paketa Nagios. Udaljeni su ga napadači mogli iskoristiti za umetanje proizvoljne web skripte ili HTML koda.
Paket:
nagios 3.x
Operacijski sustavi:
Mandriva Linux Enterprise Server 5.0
Kritičnost:
4.1
Problem:
XSS
Iskorištavanje:
udaljeno
Posljedica:
umetanje HTML i skriptnog koda
Rješenje:
programska zakrpa proizvođača
CVE:
CVE-2011-1523
Izvorni ID preporuke:
MDVSA-2012:049
Izvor:
Mandriva
Problem:
Propust je posljedica XSS ranjivosti u datoteci "statusmap.c" u skripti statusmap.cgi.
Posljedica:
Napadaču omogućuje izvođenje XSS (eng. cross-site scripting) napada.
Rješenje:
Korisnicima se savjetuje korištenje ispravljene inačice.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2012:049
http://www.mandriva.com/security/
_______________________________________________________________________
Package : nagios
Date : April 2, 2012
Affected: Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
A vulnerability has been found and corrected in nagios:
Cross-site scripting (XSS) vulnerability in statusmap.c in
statusmap.cgi in Nagios 3.2.3 and earlier allows remote attackers
to inject arbitrary web script or HTML via the layer parameter
(CVE-2011-1523).
The updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1523
_______________________________________________________________________
Updated Packages:
Mandriva Enterprise Server 5:
059a6231a27f937cfa57b57aa79a630d mes5/i586/nagios-3.1.2-0.3mdvmes5.2.i586.rpm
5ea3868c9be08f8765c2f97157203026
mes5/i586/nagios-devel-3.1.2-0.3mdvmes5.2.i586.rpm
4b35173acef9ee6863c5f02d63ffa7fe
mes5/i586/nagios-theme-default-3.1.2-0.3mdvmes5.2.i586.rpm
7bd8eaade4d3dba2e07457b9515ab710
mes5/i586/nagios-www-3.1.2-0.3mdvmes5.2.i586.rpm
0053e07519244b41c51dae08cafccebf mes5/SRPMS/nagios-3.1.2-0.3mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64:
b68e9b999f0aacdb99e6ce85a1b670cd
mes5/x86_64/nagios-3.1.2-0.3mdvmes5.2.x86_64.rpm
4d1c36401b054919973893f3fae7d366
mes5/x86_64/nagios-devel-3.1.2-0.3mdvmes5.2.x86_64.rpm
1acfd0ecece2a841b1f68783e734d2ac
mes5/x86_64/nagios-theme-default-3.1.2-0.3mdvmes5.2.x86_64.rpm
e1bd24938b0b2dd7f5fb9f72bf50ca61
mes5/x86_64/nagios-www-3.1.2-0.3mdvmes5.2.x86_64.rpm
0053e07519244b41c51dae08cafccebf mes5/SRPMS/nagios-3.1.2-0.3mdvmes5.2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iD8DBQFPeZuzmqjQ0CJFipgRAlL0AKDTKQqhXBEzJhsawP5hmcZ76xqpGQCgvVFL
e0TOzup0G+UYm5DCWfpPBAA=
=hX9s
-----END PGP SIGNATURE-----
Posljednje sigurnosne preporuke