Re: [Nagios-devel] Security issue
Posted: Mon Oct 27, 2008 8:10 am
Arno Lehmann wrote:
> Hi,
>
> 26.10.2008 04:56, Tim Starling wrote:
>> I discovered a serious security problem with default nagios
>> installations. I sent an email to nagios at nagios.org about it on
>> October 22. I have not received a response.
> >
>> Is there anyone here who wants to look at it?
>
> Quite surely... if you think the issue is too serious for public
> disclosure, send mail to Ethan or Andreas, for example.
>
We have it now. Thanks for the redirection, Arno, and thanks Tim
for reporting the issues.
> I'm also quite interested in this, but more because I think that
> Nagios itself is, by its intended use in a purely administrative
> environment without open access, not easily exploited by remote,
> unautorized users... the cgis with anonymous access and the plugins,
> of course, could easily hold security risks - but that's a different
> thing than the Nagios core. Anyway, I'm curious.
>
I'll add you to Cc, Arno.
The rest of the nagios-devel mailing list, you may want to mark this
thread as important, although an announce will be sent once the issues
Tim discovered have been fixed.
--
Andreas Ericsson [email protected]
OP5 AB www.op5.se
Tel: +46 8-230225 Fax: +46 8-230231
This post was automatically imported from historical nagios-devel mailing list archives
Original poster: [email protected]
> Hi,
>
> 26.10.2008 04:56, Tim Starling wrote:
>> I discovered a serious security problem with default nagios
>> installations. I sent an email to nagios at nagios.org about it on
>> October 22. I have not received a response.
> >
>> Is there anyone here who wants to look at it?
>
> Quite surely... if you think the issue is too serious for public
> disclosure, send mail to Ethan or Andreas, for example.
>
We have it now. Thanks for the redirection, Arno, and thanks Tim
for reporting the issues.
> I'm also quite interested in this, but more because I think that
> Nagios itself is, by its intended use in a purely administrative
> environment without open access, not easily exploited by remote,
> unautorized users... the cgis with anonymous access and the plugins,
> of course, could easily hold security risks - but that's a different
> thing than the Nagios core. Anyway, I'm curious.
>
I'll add you to Cc, Arno.
The rest of the nagios-devel mailing list, you may want to mark this
thread as important, although an announce will be sent once the issues
Tim discovered have been fixed.
--
Andreas Ericsson [email protected]
OP5 AB www.op5.se
Tel: +46 8-230225 Fax: +46 8-230231
This post was automatically imported from historical nagios-devel mailing list archives
Original poster: [email protected]