FreeBSD : nagios -- Command Injection Vulnerability (3ebd4cb5-657f-11de-883a-00e0815b8da8)
High Nessus Plugin ID 39578
SynopsisThe remote FreeBSD host is missing one or more security-related updates.
DescriptionSecunia reports :
A vulnerability has been reported in Nagios, which can be exploited by malicious users to potentially compromise a vulnerable system.
Input passed to the 'ping' parameter in statuswml.cgi is not properly sanitised before being used to invoke the ping command. This can be exploited to inject and execute arbitrary shell commands.
Successful exploitation requires access to the ping feature of the WAP interface.
SolutionUpdate the affected packages.