CVE-2009-2288 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.5 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:P/I:P/A:P

Base Score

CVSS 3.x

EPSS Score

Percentile: 99%

Affected Products (NVD)

Vendor	Product	Version
nagios	nagios	𝑥 ≤ 3.1.0
nagios	nagios	1.0
nagios	nagios	1.0b1:b1
nagios	nagios	1.0b2:b2
nagios	nagios	1.0b4:b4
nagios	nagios	1.1
nagios	nagios	1.4.1
nagios	nagios	2.0
nagios	nagios	2.0b4:b4
nagios	nagios	2.7
nagios	nagios	2.10
nagios	nagios	3.0
nagios	nagios	3.0:alpha1
nagios	nagios	3.0:alpha2
nagios	nagios	3.0:alpha3
nagios	nagios	3.0:alpha4
nagios	nagios	3.0:beta1
nagios	nagios	3.0:beta2
nagios	nagios	3.0:beta3
nagios	nagios	3.0:beta4
nagios	nagios	3.0:beta5
nagios	nagios	3.0:beta6
nagios	nagios	3.0:beta7
nagios	nagios	3.0:rc1
nagios	nagios	3.0:rc2
nagios	nagios	3.0:rc3
nagios	nagios	3.0.1
nagios	nagios	3.0.2
nagios	nagios	3.0.3
nagios	nagios	3.0.4
nagios	nagios	3.0.5
nagios	nagios	3.0.6

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

nagios

dapper	not-affected
hardy	dne
intrepid	dne
jaunty	dne

nagios2

dapper	dne
hardy	Fixed 2.11-1ubuntu1.5 released
intrepid	dne
jaunty	dne

nagios3

dapper	dne
hardy	dne
intrepid	Fixed 3.0.2-1ubuntu1.2 released
jaunty	Fixed 3.0.6-2ubuntu1.1 released

Known Exploits!

Common Weakness Enumeration

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References

http://marc.info/?l=bugtraq&m=126996888626964&w=2

http://secunia.com/advisories/35543

http://secunia.com/advisories/35688

http://secunia.com/advisories/35692

http://secunia.com/advisories/39227

http://security.gentoo.org/glsa/glsa-200907-15.xml

http://tracker.nagios.org/view.php?id=15

http://www.debian.org/security/2009/dsa-1825

http://www.nagios.org/development/history/core-3x/

http://www.securitytracker.com/id?1022503

http://www.ubuntu.com/usn/USN-795-1

http://www.vupen.com/english/advisories/2010/0750

http://marc.info/?l=bugtraq&m=126996888626964&w=2

http://secunia.com/advisories/35543

http://secunia.com/advisories/35688

http://secunia.com/advisories/35692

http://secunia.com/advisories/39227

http://security.gentoo.org/glsa/glsa-200907-15.xml

http://tracker.nagios.org/view.php?id=15

http://www.debian.org/security/2009/dsa-1825

http://www.nagios.org/development/history/core-3x/

http://www.securitytracker.com/id?1022503

http://www.ubuntu.com/usn/USN-795-1

http://www.vupen.com/english/advisories/2010/0750