Security issue
Andreas Ericsson
ae at op5.se
Mon Oct 27 09:51:13 CET 2008
Arno Lehmann wrote:
> Hi,
>
> 26.10.2008 04:56, Tim Starling wrote:
>> I discovered a serious security problem with default nagios
>> installations. I sent an email to nagios at nagios.org about it on
>> October 22. I have not received a response.
> >
>> Is there anyone here who wants to look at it?
>
> Quite surely... if you think the issue is too serious for public
> disclosure, send mail to Ethan or Andreas, for example.
>
We have it now. Thanks for the redirection, Arno, and thanks Tim
for reporting the issues.
> I'm also quite interested in this, but more because I think that
> Nagios itself is, by its intended use in a purely administrative
> environment without open access, not easily exploited by remote,
> unautorized users... the cgis with anonymous access and the plugins,
> of course, could easily hold security risks - but that's a different
> thing than the Nagios core. Anyway, I'm curious.
>
I'll add you to Cc, Arno.
The rest of the nagios-devel mailing list, you may want to mark this
thread as important, although an announce will be sent once the issues
Tim discovered have been fixed.
--
Andreas Ericsson andreas.ericsson at op5.se
OP5 AB www.op5.se
Tel: +46 8-230225 Fax: +46 8-230231
-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
More information about the Developers
mailing list