• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Nagios Plugin Shell Character Arbitrary Command Execution Vulnerability

Nagios is a freely available, open source watchdog software package. It is designed for the Linux and Unix Operating Environments.

Under some circumstances, it may be possible to generate an event that causes a plugin to send maliciously formatted data to the Nagios server. This data may contain things such as arbitrary commands and shell metacharacters. Upon receiving this data, any commands contained between the metacharacters would be executed.