what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 6 of 6 RSS Feed

CVE-2009-2288

Status Candidate

Overview

statuswml.cgi in Nagios before 3.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) ping or (2) Traceroute parameters.

Related Files

HP Security Bulletin HPSBMA02513 SSRT090110
Posted Mar 31, 2010
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Potential security vulnerabilities have been identified with Insight Control for Linux (IC-Linux). The vulnerabilities could be remotely exploited to allow remote execution of arbitrary code, local unauthorized elevation of privilege.

tags | advisory, remote, arbitrary, local, vulnerability
systems | linux
advisories | CVE-2009-2288, CVE-2010-1031
SHA-256 | d4109e5d9a36b472ebc75df6b4a9306be7b8adb9a7212fb743bcf9a50f32a689
Nagios3 statuswml.cgi Ping Command Execution
Posted Oct 30, 2009
Authored by H D Moore | Site metasploit.com

This Metasploit module abuses a metacharacter injection vulnerability in the Nagios3 statuswml.cgi script. This flaw is triggered when shell metacharacters are present in the parameters to the ping and traceroute commands.

tags | exploit, shell, cgi
advisories | CVE-2009-2288
SHA-256 | c2d2c8751ff58fad537e0c6238ae35be30735fc182787d224c39c6889d509e97
Mandriva Linux Security Advisory 2009-187
Posted Aug 5, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-187 - statuswml.cgi in Nagios before 3.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) ping or (2) Traceroute parameters. This update provides nagios 3.1.2, which is not vulnerable to this issue.

tags | advisory, remote, arbitrary, shell, cgi
systems | linux, mandriva
advisories | CVE-2009-2288
SHA-256 | 04e223848539b7b5171e79c77c8d8a75770c091e43127c3567234488d18f8f84
Gentoo Linux Security Advisory 200907-15
Posted Jul 20, 2009
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200907-15 - Multiple vulnerabilities in Nagios may lead to the execution of arbitrary code. Versions less than 3.0.6-r2 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2008-5027, CVE-2008-5028, CVE-2008-6373, CVE-2009-2288
SHA-256 | 15854a35770c10a91cb609a48f4a7774e8d4d6d67c4cbc672de3009f5242e9cb
Debian Linux Security Advisory 1825-1
Posted Jul 6, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1825-1 - It was discovered that the statuswml.cgi script of nagios, a monitoring and management system for hosts, services and networks, is prone to a command injection vulnerability. Input to the ping and traceroute parameters of the script is not properly validated which allows an attacker to execute arbitrary shell commands by passing a crafted value to these parameters.

tags | advisory, arbitrary, shell, cgi
systems | linux, debian
advisories | CVE-2009-2288
SHA-256 | 0b0c8bcd8fd8d0b6301b324a8896ae8ce2c6068e6e1a207cae7ec3151af6db50
Ubuntu Security Notice 795-1
Posted Jul 2, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-795-1 - It was discovered that Nagios did not properly parse certain commands submitted using the WAP web interface. An authenticated user could exploit this flaw and execute arbitrary programs on the server.

tags | advisory, web, arbitrary
systems | linux, ubuntu
advisories | CVE-2009-2288
SHA-256 | f523db27f95ad851f6c09869a789caa0fcde77293516f678ec968096aad5cbe1
Page 1 of 1
Back1Next

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    27 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    16 Files
  • 10
    Sep 10th
    38 Files
  • 11
    Sep 11th
    21 Files
  • 12
    Sep 12th
    40 Files
  • 13
    Sep 13th
    18 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    21 Files
  • 17
    Sep 17th
    51 Files
  • 18
    Sep 18th
    23 Files
  • 19
    Sep 19th
    48 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close