DSA-1825 nagios2, nagios3 -- insufficient input validationID: oval:org.mitre.oval:def:8200 | Date: (C)2009-12-15 (M)2021-06-02 |
Class: PATCH | Family: unix |
It was discovered that the statuswml.cgi script of nagios, a monitoring and management system for hosts, services and networks, is prone to a command injection vulnerability. Input to the ping and traceroute parameters of the script is not properly validated which allows an attacker to execute arbitrary shell commands by passing a crafted value to these parameters.
Platform: |
Debian 5.0 |
Debian 4.0 |