Updated nagios packages that fix one security issue are now available for the Red Hat HPC Solution. This update has been rated as having important security impact by the Red Hat Security Response Team.

Nagios is a program that can monitor hosts and services on your network. It can send email or page alerts when problems arise and when problems are resolved.

A shell command injection flaw was discovered in the statuswml.cgi CGI script used by Nagios. A remote attacker able to access Nagios web pages could use this flaw to run arbitrary commands with the privileges of the web server user (apache). (CVE-2009-2288)

Note: Successful authentication is required to access Nagios web pages. In the Red Hat HPC Solution, configuration for Nagios is provided by the kusu-nagios-config package, which creates a user with a fixed, default password during installation. It is recommended to change this default password, or restrict access to Nagios web pages based on a client's IP address as is appropriate for your environment.

Users of nagios should upgrade to these updated packages, which contain a backported patch to correct this issue.