Information on source package nagios3

Available versions

ReleaseVersion
wheezy3.4.1-3+deb7u1
wheezy (security)3.4.1-3+deb7u3
jessie3.5.1.dfsg-2

Open issues

BugwheezyjessieDescription
CVE-2017-12847vulnerable (no DSA)vulnerable (no DSA)Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping ...
CVE-2016-9566fixedvulnerable (no DSA)base/logging.c in Nagios Core before 4.2.4 allows local users with ...
CVE-2016-6209vulnerable (no DSA)vulnerable (no DSA)Cross-site scripting (XSS) vulnerability in Nagios. ...
CVE-2014-1878fixedvulnerable (no DSA)Stack-based buffer overflow in the cmd_submitf function in cgi/cmd.c ...
CVE-2013-7205vulnerable (no DSA)vulnerable (no DSA)Off-by-one error in the process_cgivars function in ...
CVE-2013-7108vulnerable (no DSA)vulnerable (no DSA)Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, ...
CVE-2013-7107vulnerable (no DSA)vulnerable (no DSA)Cross-site request forgery (CSRF) vulnerability in cmd.cgi in Icinga ...
CVE-2013-4214vulnerable (no DSA)fixedrss-newsfeed.php in Nagios Core 3.4.4, 3.5.1, and earlier, when ...

Open unimportant issues

BugwheezyjessieDescription
CVE-2008-5027vulnerablevulnerableThe Nagios process in (1) Nagios before 3.0.5 and (2) op5 Monitor ...

Resolved issues

BugDescription
CVE-2017-14312Nagios Core through 4.3.4 initially executes /usr/sbin/nagios as root ...
CVE-2016-9565MagpieRSS, as used in the front-end component in Nagios Core before ...
CVE-2016-8641
CVE-2016-10089Nagios 4.3.2 and earlier allows local users to gain root privileges ...
CVE-2016-0726The Fedora Nagios package uses "nagiosadmin" as the default password ...
CVE-2013-2214status.cgi in Nagios 4.0 before 4.0 beta4 and 3.x before 3.5.1 does ...
CVE-2013-2029nagios.upgrade_to_v3.sh, as distributed by Red Hat and possibly others ...
CVE-2012-6096Multiple stack-based buffer overflows in the get_history function in ...
CVE-2011-2477Multiple cross-site scripting (XSS) vulnerabilities in config.c in ...
CVE-2011-2179Multiple cross-site scripting (XSS) vulnerabilities in config.c in ...
CVE-2011-1523Cross-site scripting (XSS) vulnerability in statusmap.c in ...
CVE-2009-2288statuswml.cgi in Nagios before 3.1.1 allows remote attackers to ...
CVE-2008-6373Unspecified vulnerability in Nagios before 3.0.6 has unspecified ...
CVE-2008-5028Cross-site request forgery (CSRF) vulnerability in cmd.cgi in (1) ...
CVE-2007-5803Multiple cross-site scripting (XSS) vulnerabilities in CGI programs in ...

Security announcements

DSA / DLADescription
DLA-751-1nagios3 - security update
DLA-461-1nagios3 - security update
DSA-2616-1nagios3 - buffer overflow vulnerability
DSA-1825-1nagios2 nagios3 - arbitrary code execution

Search for package or bug name: Reporting problems