06.11.2008 22:51, Tobias Scherbaum wrote:
> Andreas Ericsson wrote:
>> I'm hoping Ethan will have picked it up by tomorrow. I'll send an
>> announce and put up a nagios-3.0.5p1 or something for download unless
>> Ethan's done with that by the time I leave the office tomorrow (around
>> 17:00 GMT+1). Note that it won't be official until Ethan hits the big
>> release-bell and puts it up at nagios.org, but with some decent testing
>> beforehand, I'm sure he'll be a lot more trigger-happy
>
> What about Nagios-2? I guess it is affected too, will there be patches
> as well?
As far as I know, Nagios 2 is not critically affected because it does
not allow you to change configuration settings through the cgis.
That said, Nagios 2 will be vulnerable to the "prankster" level attacks.
I guess porting the session id stuff to the Nagios 2 cgis wouldn't be
too hard (not that I volunteer - you wouldn't want to run a C program
I touched
Arno
> Tobias
>
>
> -------------------------------------------------------------------------
> This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
> Build the coolest Linux based applications with Moblin SDK & win great prizes
> Grand prize is a trip for two to an Open Source event anywhere in the world
> http://moblin-contest.org/redirect.php? ... =100&url=/
> _______________________________________________
> Nagios-devel mailing list
> [email protected]
> https://lists.sourceforge.net/lists/lis ... gios-devel
>
--
Arno Lehmann
IT-Service Lehmann
Sandstr. 6, 49080 Osnabrück
www.its-lehmann.de
This post was automatically imported from historical nagios-devel mailing list archives
Original poster: [email protected]