FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2009-2288

This CVE name corresponds to:

Entered Topic
2009-06-30 nagios -- Command Injection Vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2009-2288 at cve.mitre.org

Details

Type Candidate
Name CVE-2009-2288
Phase Assigned(20090701)

Description

statuswml.cgi in Nagios before 3.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) ping or (2) Traceroute parameters.

References

Source Reference
CONFIRM http://tracker.nagios.org/view.php?id=15
CONFIRM http://www.nagios.org/development/history/core-3x/
DEBIAN DSA-1825
GENTOO GLSA-200907-15
HP HPSBMA02513
HP SSRT090110
UBUNTU USN-795-1
SECTRACK 1022503
SECUNIA 35543
SECUNIA 35688
SECUNIA 35692
SECUNIA 39227
VUPEN ADV-2010-0750

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.