This application requires Javascript for optimal performance.

Nagios.Statuswml.Cgi.Command.Execution

Release Date

Aug 25, 2009

Severity

high

Impact

System compromise

Description

This indicates a possible attack against a remote code-execution vulnerability in statuswml.cgi file of Nagios.

The vulnerability is due to the software's inability to properly handle shell metacharacters in its ping and traceroute commands. Remote attackers may exploit this to execute arbitrary code.

Affected Products

Nagios before 3.1.1

Recommended Actions

You may upgrade your system to Nagios 3.1.1 or later.

Coverage

IPS
VCM

Common Vulnerabilities and Exposures (CVE)

CVE-2009-2288

Reference/s

http://www.securityfocus.com/bid/35464 (BugTraq)

Reference: VID-17633