{ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-5027", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Nagios process in (1) Nagios before 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote authenticated users to bypass authorization checks, and trigger execution of arbitrary programs by this process, via an (a) custom form or a (b) browser addon." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[nagios-devel] 20081107 Security fixes completed", "refsource": "MLIST", "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=4914396D.5010009%40op5.se&forum_name=nagios-devel" }, { "name": "ADV-2008-3364", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/3364" }, { "name": "GLSA-200907-15", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200907-15.xml" }, { "name": "http://www.nagios.org/development/history/nagios-3x.php", "refsource": "MISC", "url": "http://www.nagios.org/development/history/nagios-3x.php" }, { "name": "33320", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33320" }, { "name": "[oss-security] 20081106 CVE request: Nagios (two issues)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2008/11/06/2" }, { "name": "32156", "refsource": "BID", "url": "http://www.securityfocus.com/bid/32156" }, { "name": "1022165", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1022165" }, { "name": "USN-698-3", "refsource": "UBUNTU", "url": "https://www.ubuntu.com/usn/USN-698-3/" }, { "name": "http://www.op5.com/support/news/389-important-security-fix-available-for-op5-monitor", "refsource": "CONFIRM", "url": "http://www.op5.com/support/news/389-important-security-fix-available-for-op5-monitor" }, { "name": "ADV-2008-3029", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/3029" }, { "name": "SSRT090060", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=124156641928637&w=2" }, { "name": "HPSBMA02419", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=124156641928637&w=2" }, { "name": "ADV-2009-1256", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/1256" }, { "name": "USN-698-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-698-1" }, { "name": "35002", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35002" } ] } }