About Nagios3 and arbitrary code execution

Daniel Bareiro daniel-listas at gmx.net
Wed Jul 8 11:44:28 CEST 2009


Hi all!

At the moment I am using Nagios 3.0.6 (12/01/2008) compiled from the
source code provided from nagios.org. Recently I have read in the
DSA-1825-1 [1] about an arbitrary code execution.

According to I see in changelog of the version 3.1.1, it incorporates a
security fix for statuswml.cgi where arbitrary shell injection was
possible. Somebody could confirm to me that this vulnerability is the
same that is mentioned in the DSA?

Thanks in advance.

Regards,
Daniel

[1] http://lwn.net/Alerts/339889/
-- 
Fingerprint: BFB3 08D6 B4D1 31B2 72B9  29CE 6696 BF1B 14E6 1D37
Powered by Debian GNU/Linux Squeeze - Linux user #188.598
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
URL: <https://www.monitoring-lists.org/archive/users/attachments/20090708/eafc38cf/attachment.sig>
-------------- next part --------------
------------------------------------------------------------------------------
Enter the BlackBerry Developer Challenge  
This is your chance to win up to $100,000 in prizes! For a limited time, 
vendors submitting new applications to BlackBerry App World(TM) will have
the opportunity to enter the BlackBerry Developer Challenge. See full prize  
details at: http://p.sf.net/sfu/Challenge
-------------- next part --------------
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null


More information about the Users mailing list