Hi all! At the moment I am using Nagios 3.0.6 (12/01/2008) compiled from the source code provided from nagios.org. Recently I have read in the DSA-1825-1 [1] about an arbitrary code execution.
According to I see in changelog of the version 3.1.1, it incorporates a security fix for statuswml.cgi where arbitrary shell injection was possible. Somebody could confirm to me that this vulnerability is the same that is mentioned in the DSA? Thanks in advance. Regards, Daniel [1] http://lwn.net/Alerts/339889/ -- Fingerprint: BFB3 08D6 B4D1 31B2 72B9 29CE 6696 BF1B 14E6 1D37 Powered by Debian GNU/Linux Squeeze - Linux user #188.598
signature.asc
Description: Digital signature
------------------------------------------------------------------------------ Enter the BlackBerry Developer Challenge This is your chance to win up to $100,000 in prizes! For a limited time, vendors submitting new applications to BlackBerry App World(TM) will have the opportunity to enter the BlackBerry Developer Challenge. See full prize details at: http://p.sf.net/sfu/Challenge
_______________________________________________ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null