CVE-2009-2288
Published: 1 July 2009
statuswml.cgi in Nagios before 3.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) ping or (2) Traceroute parameters.
Notes
| Author | Note |
|---|---|
| mdeslaur | Can't reproduce the issue with nagios v1, so it's probably not affected. |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
nagios Launchpad, Ubuntu, Debian |
dapper |
Not vulnerable
|
| hardy |
Does not exist
|
|
| intrepid |
Does not exist
|
|
| jaunty |
Does not exist
|
|
| upstream |
Needs triage
|
|
|
nagios2 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| hardy |
Released
(2.11-1ubuntu1.5)
|
|
| intrepid |
Does not exist
|
|
| jaunty |
Does not exist
|
|
| upstream |
Needs triage
|
|
|
nagios3 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| hardy |
Does not exist
|
|
| intrepid |
Released
(3.0.2-1ubuntu1.2)
|
|
| jaunty |
Released
(3.0.6-2ubuntu1.1)
|
|
| upstream |
Released
(3.0.6-5)
|
|
|
Patches: upstream: http://nagios.cvs.sourceforge.net/viewvc/nagios/nagios/cgi/statuswml.c?r1=1.27&r2=1.28 |
||