Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 HTTP:CGI:NAGIOS-CMD-INJ

Severity

 High

Recommended

 No

Category

 HTTP

Keywords

 Nagios Command Injection

Release Date

 2009/07/17

Update Number

 1465

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Nagios Command Injection


This signature detects attempts to exploit a known vulnerability against Nagios. A successful attack can lead to arbitrary code execution.

Extended Description

Nagios is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data. Remote attackers can exploit this issue to execute arbitrary shell commands with the privileges of the user running the application. NOTE: For an exploit to succeed, access to the WAP interface's ping feature must be allowed. Versions prior to Nagios 3.1.1 are vulnerable.

Affected Products

  • Debian Linux 5.0
  • Debian Linux 5.0 Alpha
  • Debian Linux 5.0 Amd64
  • Debian Linux 5.0 Arm
  • Debian Linux 5.0 Armel
  • Debian Linux 5.0 Hppa
  • Debian Linux 5.0 Ia-32
  • Debian Linux 5.0 Ia-64
  • Debian Linux 5.0 M68k
  • Debian Linux 5.0 Mips
  • Debian Linux 5.0 Mipsel
  • Debian Linux 5.0 Powerpc
  • Debian Linux 5.0 S/390
  • Debian Linux 5.0 Sparc
  • Gentoo Linux
  • HP Insight Control 6.0
  • HP Insight Control for Linux (ICE-LX) 2.10
  • Mandriva Corporate Server 4.0
  • Mandriva Corporate Server 4.0.0 X86 64
  • Mandriva Enterprise Server 5
  • Mandriva Enterprise Server 5 X86 64
  • Nagios 2.10
  • Nagios 2.11
  • Nagios 2.12
  • Nagios 2.7
  • Nagios 2.8
  • Nagios 2.9
  • Nagios 3.0.4
  • Nagios 3.0.5
  • Nagios 3.0.6
  • Red Hat Fedora 11
  • Red Hat HPC Solution EL5 5
  • SuSE openSUSE 10.3
  • SuSE openSUSE 11.0
  • SuSE openSUSE 11.1
  • SuSE SUSE Linux Enterprise 10
  • SuSE SUSE Linux Enterprise 11
  • Ubuntu Ubuntu Linux 8.04 LTS Amd64
  • Ubuntu Ubuntu Linux 8.04 LTS I386
  • Ubuntu Ubuntu Linux 8.04 LTS Lpia
  • Ubuntu Ubuntu Linux 8.04 LTS Powerpc
  • Ubuntu Ubuntu Linux 8.04 LTS Sparc
  • Ubuntu Ubuntu Linux 8.10 Amd64
  • Ubuntu Ubuntu Linux 8.10 I386
  • Ubuntu Ubuntu Linux 8.10 Lpia
  • Ubuntu Ubuntu Linux 8.10 Powerpc
  • Ubuntu Ubuntu Linux 8.10 Sparc
  • Ubuntu Ubuntu Linux 9.04 Amd64
  • Ubuntu Ubuntu Linux 9.04 I386
  • Ubuntu Ubuntu Linux 9.04 Lpia
  • Ubuntu Ubuntu Linux 9.04 Powerpc
  • Ubuntu Ubuntu Linux 9.04 Sparc

References

  • BugTraq: 35464
  • CVE: CVE-2009-2288

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out