Date: Mon, 08 Dec 2008 10:37:41 +0100
From: Andreas Ericsson <ae@....se>
To: oss-security@...ts.openwall.com
CC: coley@...re.org
Subject: Re: CVE Request (nagios)

Josh Bressers wrote:
> Hi Steve,
> 
> I'm not seeing a CVE id for this.  It seems the Nagios 3.0.6 release fixes a flaw:
> http://www.nagios.org/development/history/nagios-3x.php
> http://bugs.gentoo.org/show_bug.cgi?id=249876
> 
> Here is the patch:
> http://sourceforge.net/mailarchive/forum.php?thread_name=E1L6mat-0001sb-RN%40fdv4jf1.ch3.sourceforge.com&forum_name=nagios-checkins
> 

CVE id 2008-5028 has been assigned to this. I requested a CVE id through this list
on Nov 6 2008. Fairly full details on the two issues described in my original email
(Message-Id: <49131C7E.8050105@....se>) can be found at http://blogs.op5.org

The patch has been publicly available since Nov 7, when I announced it on the
nagios-devel mailing list.

Both issues were reported to the Nagios dev team by Tim Starling on Oct 26.

-- 
Andreas Ericsson                   andreas.ericsson@....se
OP5 AB                             www.op5.se
Tel: +46 8-230225                  Fax: +46 8-230231
