20554 2009-06-24 00:11:27 +0400 CVE-2009-2288 Nagios "statuswml.cgi" Command Injection Vulnerability 2019-10-06 17:14:26 +0300 1 1 4 Development Sisyphus nagios unstable all Linux CLOSED FIXED http://secunia.com/advisories/35543/ security P3 blocker --- 33309 1 crux serjigva grenka ldv mike serjigva qa-sisyphus oldest_to_newest 93594 0 crux 2009-06-24 00:11:27 +0400 Input passed to the "ping" parameter in statuswml.cgi is not properly sanitised before being used to invoke the ping command. This can be exploited to inject and execute arbitrary shell commands. Successful exploitation requires access to the ping feature of the WAP interface. Fixed in nagios >= 3.1.1 143559 1 mike 2013-10-31 16:16:27 +0400 Если что, nagios у нас с 2009 года только пересобирался с новыми перлами. * Mon Jan 12 2009 Dmitry Lebkov <dlebkov@altlinux> 3.0.6-alt1 184773 2 nbr 2019-10-05 20:49:06 +0300 http://git.altlinux.org/gears/n/nagios.git?p=nagios.git;a=commit;h=75c99281c4cf3023ad62d323801542bb9ac9ac72 184777 3 mike 2019-10-06 17:14:26 +0300 2 nbr: спасибо; у тебя ещё 3.0.6-alt7 есть -- может, закинь тоже в сизиф?