Overview

File nagios-CVE-2013-2214.patch of Package nagios

--- nagios-3.0.6/cgi/status.c.orig	2013-07-01 08:51:27.896682436 +0200
+++ nagios-3.0.6/cgi/status.c	2013-07-01 09:03:22.030455627 +0200
@@ -2593,6 +2593,10 @@
 		if(temp_host==NULL)
 			continue;
 
+        /* make sure user has rights to view this host */
+        if(is_authorized_for_host(temp_host, &current_authdata) == FALSE)
+            continue;
+
 		/* skip this if it isn't a new host... */
 		if(temp_host==last_host)
 			continue;
@@ -2772,6 +2776,10 @@
 		if(temp_service==NULL)
 			continue;
 
+                /* make sure user has rights to view this service */
+                if(is_authorized_for_service(temp_service, &current_authdata) == FALSE)
+                    continue;
+
 		/* find the service status */
 		temp_servicestatus=find_servicestatus(temp_service->host_name,temp_service->description);
 		if(temp_servicestatus==NULL)
@@ -3129,6 +3137,10 @@
 		if(temp_hoststatus==NULL)
 			continue;
 
+        /* make sure user has rights to view this host */
+        if(is_authorized_for_host(temp_host, &current_authdata) == FALSE)
+            continue;
+
 		/* skip this if it isn't a new host... */
 		if(temp_host==last_host)
 			continue;
openSUSE Build Service is sponsored by
Places