Security issue

Andreas Ericsson ae at op5.se
Mon Oct 27 09:51:13 CET 2008


Arno Lehmann wrote:
> Hi,
> 
> 26.10.2008 04:56, Tim Starling wrote:
>> I discovered a serious security problem with default nagios
>> installations. I sent an email to nagios at nagios.org about it on
>> October 22. I have not received a response.
>  >
>> Is there anyone here who wants to look at it?
> 
> Quite surely... if you think the issue is too serious for public 
> disclosure, send mail to Ethan or Andreas, for example.
> 

We have it now. Thanks for the redirection, Arno, and thanks Tim
for reporting the issues.

> I'm also quite interested in this, but more because I think that 
> Nagios itself is, by its intended use in a purely administrative 
> environment without open access, not easily exploited by remote, 
> unautorized users... the cgis with anonymous access and the plugins, 
> of course, could easily hold security risks - but that's a different 
> thing than the Nagios core. Anyway, I'm curious.
> 

I'll add you to Cc, Arno.

The rest of the nagios-devel mailing list, you may want to mark this
thread as important, although an announce will be sent once the issues
Tim discovered have been fixed.

-- 
Andreas Ericsson                   andreas.ericsson at op5.se
OP5 AB                             www.op5.se
Tel: +46 8-230225                  Fax: +46 8-230231

-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/




More information about the Developers mailing list