HP Security Bulletin - Potential security vulnerabilities have been identified with Insight Control for Linux (IC-Linux). The vulnerabilities could be remotely exploited to allow remote execution of arbitrary code, local unauthorized elevation of privilege.
d4109e5d9a36b472ebc75df6b4a9306be7b8adb9a7212fb743bcf9a50f32a689
This Metasploit module abuses a metacharacter injection vulnerability in the Nagios3 statuswml.cgi script. This flaw is triggered when shell metacharacters are present in the parameters to the ping and traceroute commands.
c2d2c8751ff58fad537e0c6238ae35be30735fc182787d224c39c6889d509e97
Mandriva Linux Security Advisory 2009-187 - statuswml.cgi in Nagios before 3.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) ping or (2) Traceroute parameters. This update provides nagios 3.1.2, which is not vulnerable to this issue.
04e223848539b7b5171e79c77c8d8a75770c091e43127c3567234488d18f8f84
Gentoo Linux Security Advisory GLSA 200907-15 - Multiple vulnerabilities in Nagios may lead to the execution of arbitrary code. Versions less than 3.0.6-r2 are affected.
15854a35770c10a91cb609a48f4a7774e8d4d6d67c4cbc672de3009f5242e9cb
Debian Security Advisory 1825-1 - It was discovered that the statuswml.cgi script of nagios, a monitoring and management system for hosts, services and networks, is prone to a command injection vulnerability. Input to the ping and traceroute parameters of the script is not properly validated which allows an attacker to execute arbitrary shell commands by passing a crafted value to these parameters.
0b0c8bcd8fd8d0b6301b324a8896ae8ce2c6068e6e1a207cae7ec3151af6db50
Ubuntu Security Notice USN-795-1 - It was discovered that Nagios did not properly parse certain commands submitted using the WAP web interface. An authenticated user could exploit this flaw and execute arbitrary programs on the server.
f523db27f95ad851f6c09869a789caa0fcde77293516f678ec968096aad5cbe1