xss vulnerabilities in nagios 3.2.3

Michael Friedrich michael.friedrich at univie.ac.at
Fri Jun 10 10:57:20 CEST 2011


hi,

on your tracker, 2 issues point to several xss vulnerabilities. since 
we've fixed them in icinga, and previous command expander needed an 
enhanced patch too, i decided to push that over here too while adding 
that patch to the omd package.

description is in icinga's dev tracker

https://dev.icinga.org/issues/1281
https://dev.icinga.org/issues/1605

this is a combined fix of those 2 issues #207 #224 @ tracker.nagios.org, 
diff'ed against 3.2.3 release on holger's git repository.

feel free to accept it or not, as usual i won't provide any tests as 
user feedback was sufficient.

kind regards,
michael

-- 
DI (FH) Michael Friedrich

Vienna University Computer Center
Universitaetsstrasse 7 A-1010 Vienna, Austria

email: 	michael.friedrich at univie.ac.at
phone: 	+43 1 4277 14359
mobile: +43 664 60277 14359
fax: 	+43 1 4277 14338
web:	http://www.univie.ac.at/zid
	http://www.aco.net

Icinga Core & IDOUtils Developer
http://www.icinga.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-fix-xss-vulnerability-in-config-statusmap.cgi-tracke.patch
Type: text/x-diff
Size: 10064 bytes
Desc: not available
URL: <https://www.monitoring-lists.org/archive/developers/attachments/20110610/a8a39a46/attachment.patch>
-------------- next part --------------
_______________________________________________
Nagios-devel mailing list
Nagios-devel at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-devel
