漏洞信息详情

NagiOS和op5 Monitor NagiOS进程身份认证漏洞

• CNNVD编号：CNNVD-200811-167
• 危害等级： 中危
  
• CVE编号： CVE-2008-5027
• 漏洞类型： 权限许可和访问控制
• 发布时间： 2008-11-10
• 威胁类型： 远程
• 更新时间： 2009-05-13
• 厂        商： nagiOS
• 漏洞来源： NagiOS

漏洞简介

(1)NagiOS 3.0.5之前的版本和(2)op5 Monitor 4.0.1之前的版本中的NagiOS进程允许远程认证用户借助(1)自定义窗体或(2)浏览器插件，来绕过身份认证并触发任意程序运行。

漏洞公告

目前厂商已经发布了升级补丁以修复这个安全问题，补丁下载链接：

Ubuntu Ubuntu Linux 8.10 lpia

Ubuntu nagiOS3-common_3.0.2-1ubuntu1.1_all.deb

http://security.ubuntu.com/ubuntu/pool/main/n/nagiOS3/nagiOS3-common_3.0.2-1ubuntu1.1_all.deb

Ubuntu nagiOS3-dbg_3.0.2-1ubuntu1.1_lpia.deb

http://ports.ubuntu.com/pool/main/n/nagiOS3/nagiOS3-dbg_3.0.2-1ubuntu1.1_lpia.deb

Ubuntu nagiOS3-doc_3.0.2-1ubuntu1.1_all.deb

http://security.ubuntu.com/ubuntu/pool/main/n/nagiOS3/nagiOS3-doc_3.0.2-1ubuntu1.1_all.deb

Ubuntu nagiOS3_3.0.2-1ubuntu1.1_lpia.deb

http://ports.ubuntu.com/pool/main/n/nagiOS3/nagiOS3_3.0.2-1ubuntu1.1_lpia.deb

Ubuntu Ubuntu Linux 6.06 LTS amd64

Ubuntu nagiOS-common_1.3-cvs.20050402-8ubuntu8_all.deb

http://security.ubuntu.com/ubuntu/pool/main/n/nagiOS/nagiOS-common_1.3-cvs.20050402-8ubuntu8_all.deb

Ubuntu nagiOS-mysql_1.3-cvs.20050402-8ubuntu8_amd64.deb

http://security.ubuntu.com/ubuntu/pool/main/n/nagiOS/nagiOS-mysql_1.3-cvs.20050402-8ubuntu8_amd64.deb

Ubuntu nagiOS-pgsql_1.3-cvs.20050402-8ubuntu8_amd64.deb

http://security.ubuntu.com/ubuntu/pool/main/n/nagiOS/nagiOS-pgsql_1.3-cvs.20050402-8ubuntu8_amd64.deb

Ubuntu nagiOS-text_1.3-cvs.20050402-8ubuntu8_amd64.deb

http://security.ubuntu.com/ubuntu/pool/main/n/nagiOS/nagiOS-text_1.3-cvs.20050402-8ubuntu8_amd64.deb

Ubuntu Ubuntu Linux 8.10 sparc

Ubuntu nagiOS3-common_3.0.2-1ubuntu1.1_all.deb

http://security.ubuntu.com/ubuntu/pool/main/n/nagiOS3/nagiOS3-common_3.0.2-1ubuntu1.1_all.deb

Ubuntu nagiOS3-dbg_3.0.2-1ubuntu1.1_sparc.deb

http://ports.ubuntu.com/pool/main/n/nagiOS3/nagiOS3-dbg_3.0.2-1ubuntu1.1_sparc.deb

Ubuntu nagiOS3-doc_3.0.2-1ubuntu1.1_all.deb

http://security.ubuntu.com/ubuntu/pool/main/n/nagiOS3/nagiOS3-doc_3.0.2-1ubuntu1.1_all.deb

Ubuntu nagiOS3_3.0.2-1ubuntu1.1_sparc.deb

http://ports.ubuntu.com/pool/main/n/nagiOS3/nagiOS3_3.0.2-1ubuntu1.1_sparc.deb

Ubuntu Ubuntu Linux 8.04 LTS powerpc

Ubuntu nagiOS2-common_2.11-1ubuntu1.4_all.deb

http://security.ubuntu.com/ubuntu/pool/universe/n/nagiOS2/nagiOS2-common_2.11-1ubuntu1.4_all.deb

Ubuntu nagiOS2-dbg_2.11-1ubuntu1.4_powerpc.deb

http://ports.ubuntu.com/pool/universe/n/nagiOS2/nagiOS2-dbg_2.11-1ubuntu1.4_powerpc.deb

Ubuntu nagiOS2-doc_2.11-1ubuntu1.4_all.deb

http://security.ubuntu.com/ubuntu/pool/universe/n/nagiOS2/nagiOS2-doc_2.11-1ubuntu1.4_all.deb

Ubuntu nagiOS2_2.11-1ubuntu1.4_powerpc.deb

http://ports.ubuntu.com/pool/universe/n/nagiOS2/nagiOS2_2.11-1ubuntu1.4_powerpc.deb

Ubuntu Ubuntu Linux 8.10 powerpc

Ubuntu nagiOS3-common_3.0.2-1ubuntu1.1_all.deb

http://security.ubuntu.com/ubuntu/pool/main/n/nagiOS3/nagiOS3-common_3.0.2-1ubuntu1.1_all.deb

Ubuntu nagiOS3-dbg_3.0.2-1ubuntu1.1_powerpc.deb

http://ports.ubuntu.com/pool/main/n/nagiOS3/nagiOS3-dbg_3.0.2-1ubuntu1.1_powerpc.deb

Ubuntu nagiOS3-doc_3.0.2-1ubuntu1.1_all.deb

http://security.ubuntu.com/ubuntu/pool/main/n/nagiOS3/nagiOS3-doc_3.0.2-1ubuntu1.1_all.deb

Ubuntu nagiOS3_3.0.2-1ubuntu1.1_powerpc.deb

http://ports.ubuntu.com/pool/main/n/nagiOS3/nagiOS3_3.0.2-1ubuntu1.1_powerpc.deb

Ubuntu Ubuntu Linux 8.10 i386

Ubuntu nagiOS3-common_3.0.2-1ubuntu1.1_all.deb

http://security.ubuntu.com/ubuntu/pool/main/n/nagiOS3/nagiOS3-common_3.0.2-1ubuntu1.1_all.deb

Ubuntu nagiOS3-dbg_3.0.2-1ubuntu1.1_i386.deb

http://security.ubuntu.com/ubuntu/pool/main/n/nagiOS3/nagiOS3-dbg_3.0.2-1ubuntu1.1_i386.deb

Ubuntu nagiOS3-doc_3.0.2-1ubuntu1.1_all.deb

http://security.ubuntu.com/ubuntu/pool/main/n/nagiOS3/nagiOS3-doc_3.0.2-1ubuntu1.1_all.deb

Ubuntu nagiOS3_3.0.2-1ubuntu1.1_i386.deb

http://security.ubuntu.com/ubuntu/pool/main/n/nagiOS3/nagiOS3_3.0.2-1ubuntu1.1_i386.deb

Ubuntu Ubuntu Linux 8.04 LTS sparc

Ubuntu nagiOS2-common_2.11-1ubuntu1.4_all.deb

http://security.ubuntu.com/ubuntu/pool/universe/n/nagiOS2/nagiOS2-common_2.11-1ubuntu1.4_all.deb

Ubuntu nagiOS2-dbg_2.11-1ubuntu1.4_sparc.deb

http://ports.ubuntu.com/pool/universe/n/nagiOS2/nagiOS2-dbg_2.11-1ubuntu1.4_sparc.deb

Ubuntu nagiOS2-doc_2.11-1ubuntu1.4_all.deb

http

参考网址

来源: BID

名称: 32156

链接:http://www.securityfocus.com/bid/32156

来源: MISC

链接:http://www.nagiOS.org/development/history/nagiOS-3x.php

来源: MLIST

名称: [nagiOS-devel] 20081107 Security fixes completed

; Patch Information

链接:http://sourceforge.net/mailarchive/forum.php?thread_name=4914396D.5010009%40op5.se&forum_name=nagiOS-devel

来源: UBUNTU

名称: USN-698-3

链接:https://lists.ubuntu.com/archives/ubuntu-security-announce/2008-December/000815.HTML

来源: VUPEN

名称: ADV-2009-1256

链接:http://www.vupen.com/english/advisories/2009/1256

来源: VUPEN

名称: ADV-2008-3029

链接:http://www.vupen.com/english/advisories/2008/3029

来源: UBUNTU

名称: USN-698-1

链接:http://www.ubuntu.com/usn/USN-698-1

来源: SECTRACK

名称: 1022165

链接:http://www.securitytracker.com/id?1022165

来源: MLIST

名称: [oss-security] 20081106 CVE request: NagiOS (two issues)

链接:http://www.openwall.com/lists/oss-security/2008/11/06/2

来源:www.op5.com

链接:http://www.op5.com/support/news/389-important-security-fix-available-for-op5-monitor

来源: VUPEN

名称: ADV-2008-3364

链接:http://www.frsirt.com/english/advisories/2008/3364

来源: GENTOO

名称: GLSA-200907-15

链接:http://security.gentoo.org/glsa/glsa-200907-15.xml

来源: SECUNIA

名称: 35002

链接:http://secunia.com/advisories/35002

来源: SECUNIA

名称: 33320

链接:http://secunia.com/advisories/33320

来源: HP

名称: SSRT090060

链接:http://marc.info/?l=bugtraq&m=124156641928637&w=2

来源: HP

名称: SSRT090060

链接:http://marc.info/?l=bugtraq&m=124156641928637&w=2

受影响实体

• NagiOS NagiOS:1.0_b3  
• NagiOS NagiOS:1.0b1  
• NagiOS NagiOS:1.0_b1  
• NagiOS NagiOS:1.0_b2  
• NagiOS NagiOS:1.0  

补丁

暂无