oss-sec mailing list archives

Re: CVE Request (nagios)


From: Andreas Ericsson <ae () op5 se>
Date: Mon, 08 Dec 2008 10:37:41 +0100

Josh Bressers wrote:
Hi Steve,

I'm not seeing a CVE id for this.  It seems the Nagios 3.0.6 release fixes a flaw:
http://www.nagios.org/development/history/nagios-3x.php
http://bugs.gentoo.org/show_bug.cgi?id=249876

Here is the patch:
http://sourceforge.net/mailarchive/forum.php?thread_name=E1L6mat-0001sb-RN%40fdv4jf1.ch3.sourceforge.com&forum_name=nagios-checkins


CVE id 2008-5028 has been assigned to this. I requested a CVE id through this list
on Nov 6 2008. Fairly full details on the two issues described in my original email
(Message-Id: <49131C7E.8050105 () op5 se>) can be found at http://blogs.op5.org

The patch has been publicly available since Nov 7, when I announced it on the
nagios-devel mailing list.

Both issues were reported to the Nagios dev team by Tim Starling on Oct 26.

--
Andreas Ericsson                   andreas.ericsson () op5 se
OP5 AB                             www.op5.se
Tel: +46 8-230225                  Fax: +46 8-230231


Current thread: