Nagios Remote Command Execution (Feb 22, 2013)
Nagios is a open source monitoring system that enables organizations to identify and resolve IT infrastructure problems. Nagios can monitor computer systems, applications, services, business processes and send alerts when they are not functioning properly. Nagios XI is a paid version of Nagios which offers greater functionality and performance.
A command injection vulnerability exists in one of the tools provided in Nagios XI — the Autodiscovery tool. Specifically the vulnerability is due to lack of sanitation of newjob or editjob commands received by Autodiscovery. A remote attacker could exploit this vulnerability by sending crafted HTTP requests to the Nagios XI server. Successful exploitation allows the attacker to execute arbitrary shell commands in the context of Nagios service. Dell SonicWALL has released an IPS signature to detect and block specific exploitation attempts targeting this vulnerability. The signature is listed below:- 9664 Nagios Autodiscovery Remote Command Execution
The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.
