Nagios Support Forum

Good afternoon:

Please could you help me or send me a link on which have a list of vulnerabilities on Nagios v5.5.9 and the remediation measures.

Is it possible to remains on version 5.5? This is because our system is quite old and we need to preserve that version.

Thanks a lot in advance

José Sotomayor

Hello jose.sotomayor,
Hi

Our support is limited to Nagios products only. You can find links to our security disclosures and change log below:

https://www.nagios.com/products/security/

https://assets.nagios.com/downloads/nag ... NGES-5.TXT

Components such as MariaDB, PHP and Apache are managed by your operating system's package management system. To ensure the security of your system you will want to make sure you are keeping your operating system up to date with the latest patches provided by your vendor.

If you have any further questions please reach out

Thank you

Why are you keeping an older version around? Have you considered a test upgrade on a new box and migrate your existing data to there? I know from our own experiences migrating from 5.5 to a later version is a problem in itself and invites many issues if its not upgraded. It can be done just has to be done with extra steps.

For starters XI 5.5 has PHP 5 which was long depreciated. If you migrate to 5.10 or later you can use PHP 8 which is faster and more secure. From our own experiences it will work without any issues. Also the httpd and mysql components in that version are very dated and you should replace them with later versions.

Even if you can remediate your 5.5 code you will have to do alot of work to keep it up to todays standards. It may not be possible on that version. Its also advised if you are on RHEL 7 or lower to go to rhel8 or better or one of the rhel 8 varients or even debian. Just a suggestion.

Check well-known vulnerability databases such as the National Vulnerability Database (NVD) or the Common Vulnerabilities and Exposures (CVE) database for any reported vulnerabilities specific to Nagios v5.5.9. These databases often provide information on vulnerabilities, their severity, and recommended mitigation measures.