FreeBSD 3EBD4CB5-657F-11DE-883A-00E0815B8DA8
History: May 29, 2009 - 12:00 a.m.

nagios -- Command Injection Vulnerability

2009-05-29 00:00:00
vuxml.freebsd.org
CVSS2: 7.5 High

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.97 High (Percentile: 99.7%)

Secunia reports:

A vulnerability has been reported in Nagios, which can be
exploited by malicious users to potentially compromise a
vulnerable system.

Input passed to the “ping” parameter in statuswml.cgi is not
properly sanitised before being used to invoke the ping command.
This can be exploited to inject and execute arbitrary shell
commands.

Successful exploitation requires access to the ping feature
of the WAP interface.

OS       Version  Architecture  Package       Version     Filename
FreeBSD  any      noarch        nagios        <= 3.0.6_1  UNKNOWN
FreeBSD  any      noarch        nagios2       <= 2.12_3   UNKNOWN
FreeBSD  any      noarch        nagios-devel  <= 3.1.0_1  UNKNOWN
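
The class of flaw described above (a request parameter reaching a shell command line) is closed by validating the value and running ping without a shell. The following is an added example, not Nagios code and not the project's actual fix; the helper names `is_safe_ping_target` and `run_ping` are hypothetical.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper (not Nagios code): accept only strings that look like
 * a hostname or an IP literal. Shell metacharacters, whitespace and a
 * leading '-' (which ping would parse as an option) are all rejected. */
int is_safe_ping_target(const char *s)
{
    size_t len;

    if (s == NULL)
        return 0;
    len = strlen(s);
    if (len == 0 || len > 253 || s[0] == '-')   /* 253 = max DNS name length */
        return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)s[i];
        if (!isalnum(c) && c != '.' && c != '-' && c != ':')
            return 0;
    }
    return 1;
}

/* Hypothetical helper: run ping from an argv array with no shell involved,
 * so the target can only ever be a single argument. Returns ping's exit
 * status, or -1 if the target is rejected or the process cannot be run. */
int run_ping(const char *target)
{
    int status;
    pid_t pid;

    if (!is_safe_ping_target(target))
        return -1;
    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execlp("ping", "ping", "-c", "1", "--", target, (char *)NULL);
        _exit(127);                              /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}
```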
