It was discovered that the statuswml.cgi script of nagios, a monitoring and management system for hosts, services and networks, is prone to a command injection vulnerability. Input to the ping and traceroute parameters of the script is not properly validated which allows an attacker to execute arbitrary shell commands by passing a crafted value to these parameters. For the oldstable distribution , this problem has been fixed in version 2.6-2+etch3 of nagios2. For the stable distribution , this problem has been fixed in version 3.0.6-4~lenny2 of nagios3. For the testing distribution , this problem has been fixed in version 3.0.6-5 of nagios3. For the unstable distribution , this problem has been fixed in version 3.0.6-5 of nagios3. We recommend that you upgrade your nagios2/nagios3 packages.