Name | nagios_ping |
---|---|
CVE | CVE-2009-2288 Exploit Pack |
VENDOR: http://www.nagios.org/ | |
CVEUrl: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2288 | |
Notes: statuswml.cgi in Nagios before 3.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) ping or (2) Traceroute parameters. The actual .cgi file scrubs a lot of characters that would make this attack slightly easier, so wget or curl are used to download a trojan onto the target machine. If either of those two commands are not avaliable on the target machine then this exploit will fail. | |
Repeatability: Infinite | |
CVSS: 7.5 |