CVE-2009-2288

Related Files

HP Security Bulletin HPSBMA02513 SSRT090110

Posted Mar 31, 2010

Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Potential security vulnerabilities have been identified with Insight Control for Linux (IC-Linux). The vulnerabilities could be remotely exploited to allow remote execution of arbitrary code, local unauthorized elevation of privilege.

tags | advisory, remote, arbitrary, local, vulnerability

systems | linux

advisories | CVE-2009-2288, CVE-2010-1031

SHA-256 | d4109e5d9a36b472ebc75df6b4a9306be7b8adb9a7212fb743bcf9a50f32a689

Download | Favorite | View

Nagios3 statuswml.cgi Ping Command Execution

Posted Oct 30, 2009

Authored by H D Moore | Site metasploit.com

This Metasploit module abuses a metacharacter injection vulnerability in the Nagios3 statuswml.cgi script. This flaw is triggered when shell metacharacters are present in the parameters to the ping and traceroute commands.

tags | exploit, shell, cgi

advisories | CVE-2009-2288

SHA-256 | c2d2c8751ff58fad537e0c6238ae35be30735fc182787d224c39c6889d509e97

Download | Favorite | View

Mandriva Linux Security Advisory 2009-187

Posted Aug 5, 2009

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-187 - statuswml.cgi in Nagios before 3.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) ping or (2) Traceroute parameters. This update provides nagios 3.1.2, which is not vulnerable to this issue.

tags | advisory, remote, arbitrary, shell, cgi

systems | linux, mandriva

advisories | CVE-2009-2288

SHA-256 | 04e223848539b7b5171e79c77c8d8a75770c091e43127c3567234488d18f8f84

Download | Favorite | View

Gentoo Linux Security Advisory 200907-15

Posted Jul 20, 2009

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200907-15 - Multiple vulnerabilities in Nagios may lead to the execution of arbitrary code. Versions less than 3.0.6-r2 are affected.

tags | advisory, arbitrary, vulnerability

systems | linux, gentoo

advisories | CVE-2008-5027, CVE-2008-5028, CVE-2008-6373, CVE-2009-2288

SHA-256 | 15854a35770c10a91cb609a48f4a7774e8d4d6d67c4cbc672de3009f5242e9cb

Download | Favorite | View

Debian Linux Security Advisory 1825-1

Posted Jul 6, 2009

Authored by Debian | Site debian.org

Debian Security Advisory 1825-1 - It was discovered that the statuswml.cgi script of nagios, a monitoring and management system for hosts, services and networks, is prone to a command injection vulnerability. Input to the ping and traceroute parameters of the script is not properly validated which allows an attacker to execute arbitrary shell commands by passing a crafted value to these parameters.

tags | advisory, arbitrary, shell, cgi

systems | linux, debian

advisories | CVE-2009-2288

SHA-256 | 0b0c8bcd8fd8d0b6301b324a8896ae8ce2c6068e6e1a207cae7ec3151af6db50

Download | Favorite | View

Ubuntu Security Notice 795-1

Posted Jul 2, 2009

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-795-1 - It was discovered that Nagios did not properly parse certain commands submitted using the WAP web interface. An authenticated user could exploit this flaw and execute arbitrary programs on the server.

tags | advisory, web, arbitrary

systems | linux, ubuntu

advisories | CVE-2009-2288

SHA-256 | f523db27f95ad851f6c09869a789caa0fcde77293516f678ec968096aad5cbe1

Download | Favorite | View