Immunity, Inc.
Name: nagios_ping
CVE: CVE-2009-2288
Exploit Pack: CANVAS
Description: nagios_ping
Notes:
CVE Name: CVE-2009-2288
VENDOR: http://www.nagios.org/
CVEUrl: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2288
Notes: statuswml.cgi in Nagios before 3.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) ping or (2) Traceroute parameters. The actual .cgi file scrubs a lot of characters that would make this attack slightly easier, so wget or curl is used to download a trojan onto the target machine. If either of those two commands is not available on the target machine, then this exploit will fail.
Repeatability: Infinite
CVSS: 7.5
