You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id= "201401-03" >
<title > Nagstamon: Information disclosure</title>
<synopsis > A vulnerability in Nagstamon could expose user credentials to a
remote attacker.
</synopsis>
<product type= "ebuild" > nagstamon</product>
<announced > 2014-01-06</announced>
<revised count= "2" > 2014-01-06</revised>
<bug > 476538</bug>
<access > remote</access>
<affected >
<package name= "net-analyzer/nagstamon" auto= "yes" arch= "*" >
<unaffected range= "ge" > 0.9.11_rc1</unaffected>
<vulnerable range= "lt" > 0.9.11_rc1</vulnerable>
</package>
</affected>
<background >
<p > Nagstamon is a Nagios status monitor application.</p>
</background>
<description >
<p > Nagstamon’ s automatic request to check for updates includes plaintext
username and password information for one of the monitor servers that the
Nagstamon instance connects to.
</p>
</description>
<impact type= "high" >
<p > A remote attacker could eavesdrop on this request and gain user
credentials for a monitor server.
</p>
</impact>
<workaround >
<p > There is no known workaround at this time.</p>
</workaround>
<resolution >
<p > All Nagstamon users should upgrade to the latest version:</p>
<code >
# emerge --sync
# emerge --ask --oneshot --verbose
"> =net-analyzer/nagstamon-0.9.11_rc1"
</code>
</resolution>
<references >
<uri link= "https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4114" > CVE-2013-4114</uri>
</references>
<metadata tag= "requester" timestamp= "2011-10-07T23:38:16Z" >
underling
</metadata>
<metadata tag= "submitter" timestamp= "2014-01-06T22:22:38Z" >
creffett
</metadata>
</glsa>