Name | nagios_ping |
CVE | CVE-2009-2288 |
Exploit Pack | CANVAS |
Description | nagios_ping |
Notes | CVE Name: CVE-2009-2288 VENDOR: http://www.nagios.org/ CVEUrl: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2288 Notes: statuswml.cgi in Nagios before 3.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) ping or (2) Traceroute parameters. The actual .cgi file scrubs a lot of characters that would make this attack slightly easier, so wget or curl are used to download a trojan onto the target machine. If either of those two commands are not avaliable on the target machine then this exploit will fail. Repeatability: Infinite CVSS: 7.5 |
Learn more about the CANVAS Exploit Pack here: CANVAS |