From:
[email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- -------------------------------------------------------------------------- Debian Security Advisory DSA-1825-1
[email protected] http://www.debian.org/security/ Nico Golde
July 3rd, 2009
http://www.debian.org/security/faq
- --------------------------------------------------------------------------
Package : nagios2, nagios3
Vulnerability : insufficient input validation
Problem type : remote
Debian-specific: no
CVE ID : CVE-2009-2288
It was discovered that the statuswml.cgi script of nagios, a monitoring
and management system for hosts, services and networks, is prone to a
command injection vulnerability. Input to the ping and traceroute parameters of the script is not properly validated which allows an attacker to execute arbitrary shell commands by passing a crafted value to these parameters.
For the oldstable distribution (etch), this problem has been fixed in
version 2.6-2+etch3 of nagios2.
For the stable distribution (lenny), this problem has been fixed in
version 3.0.6-4~lenny2 of nagios3.
For the testing distribution (squeeze), this problem has been fixed in
version 3.0.6-5 of nagios3.
For the unstable distribution (sid), this problem has been fixed in
version 3.0.6-5 of nagios3.
We recommend that you upgrade your nagios2/nagios3 packages.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 5.0 alias lenny
- --------------------------------
Debian (stable)
- ---------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/n/nagios3/nagios3_3.0.6-4~lenny2.diff.gz
Size/MD5 checksum: 38428 42d830b18bfdeb3292cc926c81e93611
http://security.debian.org/pool/updates/main/n/nagios3/nagios3_3.0.6.orig.tar.gz
Size/MD5 checksum: 2735504 900e3f4164f4b2a18485420eeaefe812
http://security.debian.org/pool/updates/main/n/nagios3/nagios3_3.0.6-4~lenny2.dsc
Size/MD5 checksum: 1589 228a65351afe2ce6028c3e4b38a7dbd7
Architecture independent packages:
http://security.debian.org/pool/updates/main/n/nagios3/nagios3-doc_3.0.6-4~lenny2_all.deb
Size/MD5 checksum: 2070624 a3d6285aa4ca170dff3ebc37c661a87f
http://security.debian.org/pool/updates/main/n/nagios3/nagios3-common_3.0.6-4~lenny2_all.deb
Size/MD5 checksum: 76976 46391e4a013e6f4b9d22e7529f5836c2
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/n/nagios3/nagios3_3.0.6-4~lenny2_alpha.deb
Size/MD5 checksum: 1652478 eeb78e031b3e0df336d473738bb849c3
http://security.debian.org/pool/updates/main/n/nagios3/nagios3-dbg_3.0.6-4~lenny2_alpha.deb
Size/MD5 checksum: 2256566 1691fcda957f56aa58d4a564249e3cc3
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/n/nagios3/nagios3_3.0.6-4~lenny2_amd64.deb
Size/MD5 checksum: 1533972 c161bf872c5d5e08188ab30d0ea47acc
http://security.debian.org/pool/updates/main/n/nagios3/nagios3-dbg_3.0.6-4~lenny2_amd64.deb
Size/MD5 checksum: 2537724 75ea70e06091246d69457b3206e7dd57
arm architecture (ARM)
http://security.debian.org/pool/updates/main/n/nagios3/nagios3-dbg_3.0.6-4~lenny2_arm.deb
Size/MD5 checksum: 2219494 fac6212f49e1645e5e562753f342ea73
http://security.debian.org/pool/updates/main/n/nagios3/nagios3_3.0.6-4~lenny2_arm.deb
Size/MD5 checksum: 1387152 40e50777dc68548be1cc4d9340074a78
armel architecture (ARM EABI)
http://security.debian.org/pool/updates/main/n/nagios3/nagios3_3.0.6-4~lenny2_armel.deb
Size/MD5 checksum: 1444282 639e4563d6009d69c6684117a4d252cd
http://security.debian.org/pool/updates/main/n/nagios3/nagios3-dbg_3.0.6-4~lenny2_armel.deb
Size/MD5 checksum: 2265242 a2874c655c74e88a52838fd0742544aa
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/n/nagios3/nagios3_3.0.6-4~lenny2_hppa.deb
Size/MD5 checksum: 1557384 49575bfdb3ce7ade125e560586eae41f
http://security.debian.org/pool/updates/main/n/nagios3/nagios3-dbg_3.0.6-4~lenny2_hppa.deb
Size/MD5 checksum: 2362452 360e17eafca70d4124ef4aadb11498d1
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/n/nagios3/nagios3_3.0.6-4~lenny2_i386.deb
Size/MD5 checksum: 1382416 bcce0eb86a0e94123b73650e49893193
http://security.debian.org/pool/updates/main/n/nagios3/nagios3-dbg_3.0.6-4~lenny2_i386.deb
Size/MD5 checksum: 2330734 1819c7189c5b97029fee9004879de07b
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/n/nagios3/nagios3-dbg_3.0.6-4~lenny2_ia64.deb
Size/MD5 checksum: 2422520 70702e5b4d7363a9a1d4c03b0abf41c7
http://security.debian.org/pool/updates/main/n/nagios3/nagios3_3.0.6-4~lenny2_ia64.deb
Size/MD5 checksum: 2250320 904aeb68937da12928f594bba319eb6d
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/n/nagios3/nagios3-dbg_3.0.6-4~lenny2_mips.deb
Size/MD5 checksum: 2510252 8fee75f656fcb82329f9a1fba8d9c80f
http://security.debian.org/pool/updates/main/n/nagios3/nagios3_3.0.6-4~lenny2_mips.deb
Size/MD5 checksum: 1403106 2e5454f24388aec81e74bfde59a861ed
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/n/nagios3/nagios3-dbg_3.0.6-4~lenny2_mipsel.deb
Size/MD5 checksum: 2408904 5794b3ff1cc68160363c5f85145e8676
http://security.debian.org/pool/updates/main/n/nagios3/nagios3_3.0.6-4~lenny2_mipsel.deb
Size/MD5 checksum: 1400836 575acb755aa91460a3dcb46d839d29d7
[continued in next message]
--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)