
Test ID: 1.3.6.1.4.1.25623.1.0.100229
Category: General
Title: Nagios 'statuswml.cgi' Remote Arbitrary Shell Command Injection Vulnerability
Description:
Summary:
Nagios is prone to a remote command-injection vulnerability because
it fails to adequately sanitize user-supplied input data.

Remote attackers can exploit this issue to execute arbitrary shell
commands with the privileges of the user running the application.

Note that for an exploit to succeed, access to the WAP interface's
ping feature must be allowed.

Versions prior to Nagios 3.1.1 are vulnerable.

Solution:
The vendor has released updates.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: BugTraq ID: 35464
Common Vulnerability Exposure (CVE) ID: CVE-2009-2288
Debian Security Information: DSA-1825
http://www.debian.org/security/2009/dsa-1825
http://security.gentoo.org/glsa/glsa-200907-15.xml
HP Security Advisory: HPSBMA02513
http://marc.info/?l=bugtraq&m=126996888626964&w=2
HP Security Advisory: SSRT090110
http://www.securitytracker.com/id?1022503
http://secunia.com/advisories/35543
http://secunia.com/advisories/35688
http://secunia.com/advisories/35692
http://secunia.com/advisories/39227
http://www.ubuntu.com/usn/USN-795-1
http://www.vupen.com/english/advisories/2010/0750
Copyright: This script is Copyright (C) 2009 Greenbone Networks GmbH





© 1998-2024 E-Soft Inc. All rights reserved.