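Vulnerability Details
Nagios and op5 Monitor Nagios Process Authentication Vulnerability
- CNNVD ID: CNNVD-200811-167
- Severity: Medium
- CVE ID: CVE-2008-5027
- Vulnerability type: Permissions, privileges and access control
- Published: 2008-11-10
- Threat type: Remote
- Updated: 2009-05-13
- Vendor: nagios
- Source: Nagios
Vulnerability Summary
The Nagios process in (1) Nagios versions before 3.0.5 and (2) op5 Monitor versions before 4.0.1 allows remote authenticated users to bypass authentication and trigger the execution of arbitrary programs via (1) a custom form or (2) a browser add-on.
Vulnerability Advisory
The vendor has released an upgrade patch that fixes this security issue. Patch download links: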
Ubuntu Ubuntu Linux 8.10 lpia
Ubuntu nagiOS3-common_3.0.2-1ubuntu1.1_all.deb
http://security.ubuntu.com/ubuntu/pool/main/n/nagiOS3/nagiOS3-common_3.0.2-1ubuntu1.1_all.deb
Ubuntu nagiOS3-dbg_3.0.2-1ubuntu1.1_lpia.deb
http://ports.ubuntu.com/pool/main/n/nagiOS3/nagiOS3-dbg_3.0.2-1ubuntu1.1_lpia.deb
Ubuntu nagiOS3-doc_3.0.2-1ubuntu1.1_all.deb
http://security.ubuntu.com/ubuntu/pool/main/n/nagiOS3/nagiOS3-doc_3.0.2-1ubuntu1.1_all.deb
Ubuntu nagiOS3_3.0.2-1ubuntu1.1_lpia.deb
http://ports.ubuntu.com/pool/main/n/nagiOS3/nagiOS3_3.0.2-1ubuntu1.1_lpia.deb
Ubuntu Ubuntu Linux 6.06 LTS amd64
Ubuntu nagiOS-common_1.3-cvs.20050402-8ubuntu8_all.deb
http://security.ubuntu.com/ubuntu/pool/main/n/nagiOS/nagiOS-common_1.3-cvs.20050402-8ubuntu8_all.deb
Ubuntu nagiOS-mysql_1.3-cvs.20050402-8ubuntu8_amd64.deb
http://security.ubuntu.com/ubuntu/pool/main/n/nagiOS/nagiOS-mysql_1.3-cvs.20050402-8ubuntu8_amd64.deb
Ubuntu nagiOS-pgsql_1.3-cvs.20050402-8ubuntu8_amd64.deb
http://security.ubuntu.com/ubuntu/pool/main/n/nagiOS/nagiOS-pgsql_1.3-cvs.20050402-8ubuntu8_amd64.deb
Ubuntu nagiOS-text_1.3-cvs.20050402-8ubuntu8_amd64.deb
http://security.ubuntu.com/ubuntu/pool/main/n/nagiOS/nagiOS-text_1.3-cvs.20050402-8ubuntu8_amd64.deb
Ubuntu Ubuntu Linux 8.10 sparc
Ubuntu nagiOS3-common_3.0.2-1ubuntu1.1_all.deb
http://security.ubuntu.com/ubuntu/pool/main/n/nagiOS3/nagiOS3-common_3.0.2-1ubuntu1.1_all.deb
Ubuntu nagiOS3-dbg_3.0.2-1ubuntu1.1_sparc.deb
http://ports.ubuntu.com/pool/main/n/nagiOS3/nagiOS3-dbg_3.0.2-1ubuntu1.1_sparc.deb
Ubuntu nagiOS3-doc_3.0.2-1ubuntu1.1_all.deb
http://security.ubuntu.com/ubuntu/pool/main/n/nagiOS3/nagiOS3-doc_3.0.2-1ubuntu1.1_all.deb
Ubuntu nagiOS3_3.0.2-1ubuntu1.1_sparc.deb
http://ports.ubuntu.com/pool/main/n/nagiOS3/nagiOS3_3.0.2-1ubuntu1.1_sparc.deb
Ubuntu Ubuntu Linux 8.04 LTS powerpc
Ubuntu nagiOS2-common_2.11-1ubuntu1.4_all.deb
http://security.ubuntu.com/ubuntu/pool/universe/n/nagiOS2/nagiOS2-common_2.11-1ubuntu1.4_all.deb
Ubuntu nagiOS2-dbg_2.11-1ubuntu1.4_powerpc.deb
http://ports.ubuntu.com/pool/universe/n/nagiOS2/nagiOS2-dbg_2.11-1ubuntu1.4_powerpc.deb
Ubuntu nagiOS2-doc_2.11-1ubuntu1.4_all.deb
http://security.ubuntu.com/ubuntu/pool/universe/n/nagiOS2/nagiOS2-doc_2.11-1ubuntu1.4_all.deb
Ubuntu nagiOS2_2.11-1ubuntu1.4_powerpc.deb
http://ports.ubuntu.com/pool/universe/n/nagiOS2/nagiOS2_2.11-1ubuntu1.4_powerpc.deb
Ubuntu Ubuntu Linux 8.10 powerpc
Ubuntu nagiOS3-common_3.0.2-1ubuntu1.1_all.deb
http://security.ubuntu.com/ubuntu/pool/main/n/nagiOS3/nagiOS3-common_3.0.2-1ubuntu1.1_all.deb
Ubuntu nagiOS3-dbg_3.0.2-1ubuntu1.1_powerpc.deb
http://ports.ubuntu.com/pool/main/n/nagiOS3/nagiOS3-dbg_3.0.2-1ubuntu1.1_powerpc.deb
Ubuntu nagiOS3-doc_3.0.2-1ubuntu1.1_all.deb
http://security.ubuntu.com/ubuntu/pool/main/n/nagiOS3/nagiOS3-doc_3.0.2-1ubuntu1.1_all.deb
Ubuntu nagiOS3_3.0.2-1ubuntu1.1_powerpc.deb
http://ports.ubuntu.com/pool/main/n/nagiOS3/nagiOS3_3.0.2-1ubuntu1.1_powerpc.deb
Ubuntu Ubuntu Linux 8.10 i386
Ubuntu nagiOS3-common_3.0.2-1ubuntu1.1_all.deb
http://security.ubuntu.com/ubuntu/pool/main/n/nagiOS3/nagiOS3-common_3.0.2-1ubuntu1.1_all.deb
Ubuntu nagiOS3-dbg_3.0.2-1ubuntu1.1_i386.deb
http://security.ubuntu.com/ubuntu/pool/main/n/nagiOS3/nagiOS3-dbg_3.0.2-1ubuntu1.1_i386.deb
Ubuntu nagiOS3-doc_3.0.2-1ubuntu1.1_all.deb
http://security.ubuntu.com/ubuntu/pool/main/n/nagiOS3/nagiOS3-doc_3.0.2-1ubuntu1.1_all.deb
Ubuntu nagiOS3_3.0.2-1ubuntu1.1_i386.deb
http://security.ubuntu.com/ubuntu/pool/main/n/nagiOS3/nagiOS3_3.0.2-1ubuntu1.1_i386.deb
Ubuntu Ubuntu Linux 8.04 LTS sparc
Ubuntu nagiOS2-common_2.11-1ubuntu1.4_all.deb
http://security.ubuntu.com/ubuntu/pool/universe/n/nagiOS2/nagiOS2-common_2.11-1ubuntu1.4_all.deb
Ubuntu nagiOS2-dbg_2.11-1ubuntu1.4_sparc.deb
http://ports.ubuntu.com/pool/universe/n/nagiOS2/nagiOS2-dbg_2.11-1ubuntu1.4_sparc.deb
Ubuntu nagiOS2-doc_2.11-1ubuntu1.4_all.deb
http
References
Source: BID
Name: 32156
Link: http://www.securityfocus.com/bid/32156
Source: MISC
Link: http://www.nagiOS.org/development/history/nagiOS-3x.php
Source: MLIST
Name: [nagios-devel] 20081107 Security fixes completed; Patch Information
Link: http://sourceforge.net/mailarchive/forum.php?thread_name=4914396D.5010009%40op5.se&forum_name=nagiOS-devel
Source: UBUNTU
Name: USN-698-3
Link: https://lists.ubuntu.com/archives/ubuntu-security-announce/2008-December/000815.HTML
Source: VUPEN
Name: ADV-2009-1256
Link: http://www.vupen.com/english/advisories/2009/1256
Source: VUPEN
Name: ADV-2008-3029
Link: http://www.vupen.com/english/advisories/2008/3029
Source: UBUNTU
Name: USN-698-1
Link: http://www.ubuntu.com/usn/USN-698-1
Source: SECTRACK
Name: 1022165
Link: http://www.securitytracker.com/id?1022165
Source: MLIST
Name: [oss-security] 20081106 CVE request: Nagios (two issues)
Link: http://www.openwall.com/lists/oss-security/2008/11/06/2
Source: www.op5.com
Link: http://www.op5.com/support/news/389-important-security-fix-available-for-op5-monitor
Source: VUPEN
Name: ADV-2008-3364
Link: http://www.frsirt.com/english/advisories/2008/3364
Source: GENTOO
Name: GLSA-200907-15
Link: http://security.gentoo.org/glsa/glsa-200907-15.xml
Source: SECUNIA
Name: 35002
Link: http://secunia.com/advisories/35002
Source: SECUNIA
Name: 33320
Link: http://secunia.com/advisories/33320
Source: HP
Name: SSRT090060
Link: http://marc.info/?l=bugtraq&m=124156641928637&w=2
Affected Entities
- Nagios Nagios:1.0_b3
- Nagios Nagios:1.0b1
- Nagios Nagios:1.0_b1
- Nagios Nagios:1.0_b2
- Nagios Nagios:1.0
Patch
None available