|
|
Nagios Plugin Shell字符任意命令执行漏洞
发布时间:2002-07-10
更新时间:2002-07-10
严重程度:高
威胁程度:普通用户访问权限
错误类型:输入验证错误
利用方式:服务器模式
BUGTRAQ ID:5174
受影响系统Nagios Nagios 1.0 b3
- Debian Linux 2.2 68k
- Debian Linux 2.2 alpha
- Debian Linux 2.2 arm
- Debian Linux 2.2 IA-32
- Debian Linux 2.2 powerpc
- Debian Linux 2.2 sparc
- MandrakeSoft Linux Mandrake 7.2
- MandrakeSoft Linux Mandrake 8.0
- MandrakeSoft Linux Mandrake 8.1
- MandrakeSoft Linux Mandrake 8.2
- RedHat Linux 7.0 alpha
- RedHat Linux 7.0 i386
- RedHat Linux 7.0 sparc
- RedHat Linux 7.1 alpha
- RedHat Linux 7.1 i386
- RedHat Linux 7.1 ia64
- RedHat Linux 7.2 alpha
- RedHat Linux 7.2 i386
- RedHat Linux 7.2 ia64
- RedHat Linux 7.3 i386
- S.u.S.E. Linux 7.0 alpha
- S.u.S.E. Linux 7.0 i386
- S.u.S.E. Linux 7.0 ppc
- S.u.S.E. Linux 7.0 sparc
- S.u.S.E. Linux 7.1 alpha
- S.u.S.E. Linux 7.1 ppc
- S.u.S.E. Linux 7.1 sparc
- S.u.S.E. Linux 7.1 x86
- S.u.S.E. Linux 7.2 i386
- S.u.S.E. Linux 7.3 i386
- S.u.S.E. Linux 7.3 ppc
- S.u.S.E. Linux 7.3 sparc
- S.u.S.E. Linux 8.0 i386
Nagios Nagios 1.0 b2
- Debian Linux 2.2 68k
- Debian Linux 2.2 alpha
- Debian Linux 2.2 arm
- Debian Linux 2.2 IA-32
- Debian Linux 2.2 powerpc
- Debian Linux 2.2 sparc
- MandrakeSoft Linux Mandrake 7.2
- MandrakeSoft Linux Mandrake 8.0
- MandrakeSoft Linux Mandrake 8.1
- MandrakeSoft Linux Mandrake 8.2
- RedHat Linux 7.0 alpha
- RedHat Linux 7.0 i386
- RedHat Linux 7.0 sparc
- RedHat Linux 7.1 alpha
- RedHat Linux 7.1 i386
- RedHat Linux 7.1 ia64
- RedHat Linux 7.2 alpha
- RedHat Linux 7.2 i386
- RedHat Linux 7.2 ia64
- RedHat Linux 7.3 i386
- S.u.S.E. Linux 7.0 alpha
- S.u.S.E. Linux 7.0 i386
- S.u.S.E. Linux 7.0 ppc
- S.u.S.E. Linux 7.0 sparc
- S.u.S.E. Linux 7.1 alpha
- S.u.S.E. Linux 7.1 ppc
- S.u.S.E. Linux 7.1 sparc
- S.u.S.E. Linux 7.1 x86
- S.u.S.E. Linux 7.2 i386
- S.u.S.E. Linux 7.3 i386
- S.u.S.E. Linux 7.3 ppc
- S.u.S.E. Linux 7.3 sparc
- S.u.S.E. Linux 8.0 i386
Nagios Nagios 1.0 b1
- Debian Linux 2.2 68k
- Debian Linux 2.2 alpha
- Debian Linux 2.2 arm
- Debian Linux 2.2 IA-32
- Debian Linux 2.2 powerpc
- Debian Linux 2.2 sparc
- MandrakeSoft Linux Mandrake 7.2
- MandrakeSoft Linux Mandrake 8.0
- MandrakeSoft Linux Mandrake 8.1
- MandrakeSoft Linux Mandrake 8.2
- RedHat Linux 7.0 alpha
- RedHat Linux 7.0 i386
- RedHat Linux 7.0 sparc
- RedHat Linux 7.1 alpha
- RedHat Linux 7.1 i386
- RedHat Linux 7.1 ia64
- RedHat Linux 7.2 alpha
- RedHat Linux 7.2 i386
- RedHat Linux 7.2 ia64
- RedHat Linux 7.3 i386
- S.u.S.E. Linux 7.0 alpha
- S.u.S.E. Linux 7.0 i386
- S.u.S.E. Linux 7.0 ppc
- S.u.S.E. Linux 7.0 sparc
- S.u.S.E. Linux 7.1 alpha
- S.u.S.E. Linux 7.1 ppc
- S.u.S.E. Linux 7.1 sparc
- S.u.S.E. Linux 7.1 x86
- S.u.S.E. Linux 7.2 i386
- S.u.S.E. Linux 7.3 i386
- S.u.S.E. Linux 7.3 ppc
- S.u.S.E. Linux 7.3 sparc
- S.u.S.E. Linux 8.0 i386 详细描述
Nagios是免费开放源代码watchdog软件,设计使用在多种系统平台下。
在某些条件下,存在产生事件引起plugin发送恶意格式数据给Nagios服务程序,这些数据包含任意命令和SHELL元字符,接收到这些数据后,包含的命令将以Nagios进程权利执行。
测试代码
无
解决方案
补丁下载:
Nagios Nagios 1.0 b3:
Nagios Upgrade nagios-1.0b4.tar.gz
http://prdownloads.sourceforge.net/nagios/nagios-1.0b4.tar.gz?download
Nagios Nagios 1.0 b2:
Nagios Upgrade nagios-1.0b4.tar.gz
http://prdownloads.sourceforge.net/nagios/nagios-1.0b4.tar.gz?download
Nagios Nagios 1.0 b1:
Nagios Upgrade nagios-1.0b4.tar.gz
http://prdownloads.sourceforge.net/nagios/nagios-1.0b4.tar.gz?download
相关信息
参考:http://www.nagios.org/
|
