Oval Definition:	oval:org.mitre.oval:def:13385
Revision Date: 2014-06-23 Version: 20 Title: DSA-1825-1 nagios2, nagios3 -- insufficient input validation Description: It was discovered that the statuswml.cgi script of nagios, a monitoring and management system for hosts, services and networks, is prone to a command injection vulnerability. Input to the ping and trace route parameters of the script is not properly validated which allows an attacker to execute arbitrary shell commands by passing a crafted value to these parameters. For the oldstable distribution, this problem has been fixed in version 2.6-2+etch3 of nagios2. For the stable distribution, this problem has been fixed in version 3.0.6-4~lenny2 of nagios3. For the testing distribution, this problem has been fixed in version 3.0.6-5 of nagios3. For the unstable distribution, this problem has been fixed in version 3.0.6-5 of nagios3. We recommend that you upgrade your nagios2/nagios3 packages. Family: unix Class: patch Status: ACCEPTED Reference(s): CVE-2009-2288 DSA-1825-1 Platform(s): Debian GNU/Linux 5.0 Product(s): nagios2 nagios3 Definition Synopsis Debian GNU/Linux 5.0 is installed AND Architecture section Architecture independent section Installed architecture is all AND Packages section nagios3-doc DPKG is earlier than 3.0.6-4~lenny2 OR nagios3-common DPKG is earlier than 3.0.6-4~lenny2 OR Architecture depended section Supported architectures section Installed architecture is s390 OR Installed architecture is amd64 OR Installed architecture is sparc OR Installed architecture is arm OR Installed architecture is i386 OR Installed architecture is armel OR Installed architecture is mips OR Installed architecture is ia64 OR Installed architecture is alpha OR Installed architecture is powerpc OR Installed architecture is mipsel OR Installed architecture is hppa AND Packages section nagios3-dbg DPKG is earlier than 3.0.6-4~lenny2 OR nagios3 DPKG is earlier than 3.0.6-4~lenny2
BACK