Lucene search
SAINT CorporationSAINT:C5023AAA861EB37606B05D5A55B52555HistoryApr 13, 2010 - 12:00 a.m.
Nagios statuswml.cgi Command Injection
2010-04-1300:00:00
SAINT Corporation
www.saintcorporation.com
13
0.969 High
EPSS
Percentile
99.6%
Added: 04/13/2010
CVE: CVE-2009-2288
BID: 35464
OSVDB: 55281
Background
Nagios is a network host and service monitoring and management system.
Problem
The Nagios statuswml.cgi script passes unsanitized data to the ping and traceroute commands, resulting in shell command execution via metacharacters. A successful remote attacker could use a specially crafted request to execute arbitrary commands.
Resolution
Upgrade to Nagios 3.1.1 or later.
References
<http://secunia.com/advisories/35543/>
Limitations
Exploit works on Nagios 2.11.
Valid Nagios user credentials must be provided.
Related
dsquare
dsquare
Nagios 3.1.0 RCE
2012-01-30 00:00:00
nessus
nessus
SuSE 10 Security Update : nagios (ZYPP Patch Number 6356)
2009-09-24 00:00:00
Ubuntu 8.04 LTS / 8.10 / 9.04 : nagios2, nagios3 vulnerability (USN-795-1)
2009-07-03 00:00:00
openSUSE Security Update : nagios (nagios-1102)
2009-07-31 00:00:00
debian
debian
ubuntucve
ubuntucve
CVE-2009-2288
2009-07-01 00:00:00
canvas
canvas
Immunity Canvas: NAGIOS_PING
2009-07-01 13:00:00
openvas
openvas
SLES11: Security update for nagios
2009-10-11 00:00:00
SLES10: Security update for nagios
2009-10-13 00:00:00
SLES11: Security update for nagios
2009-10-11 00:00:00
checkpoint_advisories
checkpoint_advisories
Nagios statuswml.cgi Command Execution (CVE-2009-2288)
2013-12-02 00:00:00
packetstorm
packetstorm
Nagios3 statuswml.cgi Ping Command Execution
2009-10-30 00:00:00
saint
saint
Nagios statuswml.cgi Command Injection
2010-04-13 00:00:00
Nagios statuswml.cgi Command Injection
2010-04-13 00:00:00
Nagios statuswml.cgi Command Injection
2010-04-13 00:00:00
freebsd
freebsd
nagios -- Command Injection Vulnerability
2009-05-29 00:00:00
securityvulns
securityvulns
[USN-795-1] Nagios vulnerability
2009-07-03 00:00:00
prion
prion
Code injection
2009-07-01 13:00:00
cve
cve
CVE-2009-2288
2009-07-01 13:00:00
ubuntu
ubuntu
Nagios vulnerability
2009-07-02 00:00:00
gentoo
gentoo
Nagios: Execution of arbitrary code
2009-07-19 00:00:00