Nagios.Statuswml.Cgi.Command.Execution

Release Date: Aug 25, 2009
Severity: High
Impact: System compromise
Description: This indicates a possible attack against a remote code-execution vulnerability in the statuswml.cgi file of Nagios.

The vulnerability is due to the software's inability to properly handle shell metacharacters in its ping and traceroute commands. Remote attackers may exploit this to execute arbitrary code.
Affected Products: Nagios before 3.1.1
Recommended Actions: You may upgrade your system to Nagios 3.1.1 or later.
Common Vulnerabilities and Exposures (CVE): http://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-2288
Reference/s: http://www.securityfocus.com/bid/35464 (BugTraq)
Reference: VID-17633
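
The description above attributes the flaw to shell metacharacters reaching the ping and traceroute commands. As an added example (not Nagios code and not the 3.1.1 fix), the C code below shows the usual mitigation for this class of bug: allowlist the characters of the address and hand it to the program as its own argv element, so no shell ever parses it. The function names, the `ping -c 1` arguments and the sample addresses are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define MAX_HOST_LEN 253  /* maximum length of a DNS name */

/* Return 1 only if s looks like a hostname or IP literal: letters, digits,
 * '.', '-' and ':' (for IPv6). Everything else, including whitespace and
 * every shell metacharacter, is rejected. A leading '-' is rejected so the
 * value cannot be read as a command-line option. */
int host_arg_is_safe(const char *s)
{
    size_t i, n;

    if (s == NULL)
        return 0;
    n = strlen(s);
    if (n == 0 || n > MAX_HOST_LEN || s[0] == '-')
        return 0;
    for (i = 0; i < n; i++) {
        unsigned char c = (unsigned char)s[i];
        if (!isalnum(c) && c != '.' && c != '-' && c != ':')
            return 0;
    }
    return 1;
}

/* Fill argv for an execv()-style call so the address is never part of a
 * shell command string. Returns the argument count, or -1 if the address
 * is rejected. argv must have room for 5 pointers. */
int build_ping_argv(const char *addr, const char *argv[5])
{
    if (!host_arg_is_safe(addr))
        return -1;
    argv[0] = "ping";  /* assumed program name; use a full path in practice */
    argv[1] = "-c";
    argv[2] = "1";
    argv[3] = addr;    /* one argv element, passed through unparsed */
    argv[4] = NULL;
    return 4;
}
```

The same check applies unchanged to the address given to traceroute.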