SHARE
CORE IMPACT v9 - Exploits Update (Mon Aug 24 2009)
Nagios Command Injection Exploit
Exploits/Client Side [Linux]
• Mon Aug 24 2009
A vulnerability has been reported in Nagios, which can be exploited by malicious users to potentially compromise a vulnerable system. Input passed to the "ping" parameter in statuswml.cgi is not properly sanitized before being used to invoke the ping command. This can be exploited to inject and execute arbitrary shell commands. Additional research revealed that this parameter is vulnerable to Cross-Site Request Forgery. This module exploits the XSRF vulnerability in order to install an agent using the command injection vulnerability.
Exploits Vulnerabiltiy: CVE-2009-2288