Privacy and Legal Notice

DOE-CIRC TECHNICAL BULLETIN

T-182: Nagios 'statuswml.cgi' Remote Arbitrary Shell Command Injection Vulnerability

[CVE-2009-2288]

July 13, 2009 15:00 GMT
PROBLEM: Nagios is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data.
PLATFORM: Versions prior to Nagios 3.1.1 are vulnerable.
ABSTRACT: It was discovered that the statuswml.cgi script of nagios, a monitoring and management system for hosts, services and networks, is prone to a command injection vulnerability. Input to the ping and traceroute parameters of the script is not properly validated which allows an attacker to execute arbitrary shell commands by passing a crafted value to these parameters.
LINKS:  
  DOE-CIRC BULLETIN: http://www.doecirc.energy.gov/bulletins/t-182.shtml
  OTHER LINKS: Security Focus
http://www.securityfocus.com/bid/35464/info
National Vulnerability Database
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2288

  CVE: CVE-2009-2288
IMPACT ASSESSMENT: This risk is high. Remote attackers can exploit this issue to execute arbitrary shell commands with the privileges of the user running the application. Exploit code is publicly available. 
[***** Start CVE-2009-2288 *****]
Discussion:
Nagios is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data.Remote attackers can exploit this issue to execute arbitrary shell commands with the privileges of the user running the application.Note that for an exploit to succeed, access to the WAP interface's ping feature must be allowed.Versions prior to Nagios 3.1.1 are vulnerable. 

The vulnerability is remotely exploitable, authentication is not required.

Exploit code is available.

The following example URI is available: https://www.example.com/nagios/cgi-bin/statuswml.cgi?ping=173.45.235.65%3Becho+%24PATHThe following commercial exploit is available for Immunity CANVAS: https://www.immunityinc.com/downloads/immpartners/nagios_ping.tar.gz

Vulnerable systems:
Ubuntu Linux 9.04 sparc
Ubuntu Linux 9.04 powerpc
Ubuntu Linux 9.04 lpia
Ubuntu Linux 9.04 i386
Ubuntu Linux 9.04 amd64
Ubuntu Linux 8.10 sparc
Ubuntu Linux 8.10 powerpc
Ubuntu Linux 8.10 lpia
Ubuntu Linux 8.10 i386
Ubuntu Linux 8.10 amd64
Ubuntu Linux 8.04 LTS sparc
Ubuntu Linux 8.04 LTS powerpc
Ubuntu Linux 8.04 LTS lpia
Ubuntu Linux 8.04 LTS i386
Ubuntu Linux 8.04 LTS amd64
RedHat HPC Solution EL5 5
Nagios Nagios 3.0.6 
Nagios Nagios 3.0.5 
Nagios Nagios 3.0.4 
Nagios Nagios 2.9
Nagios Nagios 2.8
Nagios Nagios 2.7
Nagios Nagios 2.12
Nagios Nagios 2.11
Nagios Nagios 2.10
Debian Linux 5.0 sparc
Debian Linux 5.0 s/390
Debian Linux 5.0 powerpc
Debian Linux 5.0 mipsel
Debian Linux 5.0 mips
Debian Linux 5.0 m68k
Debian Linux 5.0 ia-64
Debian Linux 5.0 ia-32
Debian Linux 5.0 hppa
Debian Linux 5.0 armel
Debian Linux 5.0 arm
Debian Linux 5.0 amd64
Debian Linux 5.0 alpha
Debian Linux 5.0

Solution:
Updates are available. Please see the references for more information.

Debian Linux 5.0 ia-64

Debian nagios3-common_3.0.6-4~lenny2_all.deb
http://security.debian.org/pool/updates/main/n/nagios3/nagios3-common_ 3.0.6-4~lenny2_all.deb

Debian nagios3-dbg_3.0.6-4~lenny2_ia64.deb
http://security.debian.org/pool/updates/main/n/nagios3/nagios3-dbg_3.0 .6-4~lenny2_ia64.deb

Debian nagios3-doc_3.0.6-4~lenny2_all.deb
http://security.debian.org/pool/updates/main/n/nagios3/nagios3-doc_3.0 .6-4~lenny2_all.deb

Debian nagios3_3.0.6-4~lenny2_ia64.deb
http://security.debian.org/pool/updates/main/n/nagios3/nagios3_3.0.6-4 ~lenny2_ia64.deb

Ubuntu Linux 8.04 LTS powerpc

Ubuntu nagios2-common_2.11-1ubuntu1.5_all.deb
http://security.ubuntu.com/ubuntu/pool/universe/n/nagios2/nagios2-comm on_2.11-1ubuntu1.5_all.deb

Ubuntu nagios2-dbg_2.11-1ubuntu1.5_powerpc.deb
http://ports.ubuntu.com/pool/universe/n/nagios2/nagios2-dbg_2.11-1ubun tu1.5_powerpc.deb

Ubuntu nagios2-doc_2.11-1ubuntu1.5_all.deb
http://security.ubuntu.com/ubuntu/pool/universe/n/nagios2/nagios2-doc_ 2.11-1ubuntu1.5_all.deb

Ubuntu nagios2_2.11-1ubuntu1.5_powerpc.deb
http://ports.ubuntu.com/pool/universe/n/nagios2/nagios2_2.11-1ubuntu1. 5_powerpc.deb

Ubuntu Linux 8.10 powerpc

Ubuntu nagios3-common_3.0.2-1ubuntu1.2_all.deb
http://security.ubuntu.com/ubuntu/pool/main/n/nagios3/nagios3-common_3 .0.2-1ubuntu1.2_all.deb

Ubuntu nagios3-dbg_3.0.2-1ubuntu1.2_powerpc.deb
http://ports.ubuntu.com/pool/main/n/nagios3/nagios3-dbg_3.0.2-1ubuntu1 .2_powerpc.deb

Ubuntu nagios3-doc_3.0.2-1ubuntu1.2_all.deb
http://security.ubuntu.com/ubuntu/pool/main/n/nagios3/nagios3-doc_3.0. 2-1ubuntu1.2_all.deb

Ubuntu nagios3_3.0.2-1ubuntu1.2_powerpc.deb
http://ports.ubuntu.com/pool/main/n/nagios3/nagios3_3.0.2-1ubuntu1.2_p owerpc.deb

Ubuntu Linux 8.04 LTS sparc

Ubuntu nagios2-common_2.11-1ubuntu1.5_all.deb
http://security.ubuntu.com/ubuntu/pool/universe/n/nagios2/nagios2-comm on_2.11-1ubuntu1.5_all.deb

Ubuntu nagios2-dbg_2.11-1ubuntu1.5_sparc.deb
http://ports.ubuntu.com/pool/universe/n/nagios2/nagios2-dbg_2.11-1ubun tu1.5_sparc.deb

Ubuntu nagios2-doc_2.11-1ubuntu1.5_all.deb
http://security.ubuntu.com/ubuntu/pool/universe/n/nagios2/nagios2-doc_ 2.11-1ubuntu1.5_all.deb

Ubuntu nagios2_2.11-1ubuntu1.5_sparc.deb
http://ports.ubuntu.com/pool/universe/n/nagios2/nagios2_2.11-1ubuntu1. 5_sparc.deb

Ubuntu Linux 8.10 i386

Ubuntu nagios3-common_3.0.2-1ubuntu1.2_all.deb
http://security.ubuntu.com/ubuntu/pool/main/n/nagios3/nagios3-common_3 .0.2-1ubuntu1.2_all.deb

Ubuntu nagios3-dbg_3.0.2-1ubuntu1.2_i386.deb
http://security.ubuntu.com/ubuntu/pool/main/n/nagios3/nagios3-dbg_3.0. 2-1ubuntu1.2_i386.deb

Ubuntu nagios3-doc_3.0.2-1ubuntu1.2_all.deb
http://security.ubuntu.com/ubuntu/pool/main/n/nagios3/nagios3-doc_3.0. 2-1ubuntu1.2_all.deb

Ubuntu nagios3_3.0.2-1ubuntu1.2_i386.deb
http://security.ubuntu.com/ubuntu/pool/main/n/nagios3/nagios3_3.0.2-1u buntu1.2_i386.deb

Debian Linux 5.0 alpha

Debian nagios3-common_3.0.6-4~lenny2_all.deb
http://security.debian.org/pool/updates/main/n/nagios3/nagios3-common_ 3.0.6-4~lenny2_all.deb

Debian nagios3-dbg_3.0.6-4~lenny2_alpha.deb
http://security.debian.org/pool/updates/main/n/nagios3/nagios3-dbg_3.0 .6-4~lenny2_alpha.deb

Debian nagios3-doc_3.0.6-4~lenny2_all.deb
http://security.debian.org/pool/updates/main/n/nagios3/nagios3-doc_3.0 .6-4~lenny2_all.deb

Debian nagios3_3.0.6-4~lenny2_alpha.deb
http://security.debian.org/pool/updates/main/n/nagios3/nagios3_3.0.6-4 ~lenny2_alpha.deb

Debian Linux 5.0 ia-32

Debian nagios3-common_3.0.6-4~lenny2_all.deb
http://security.debian.org/pool/updates/main/n/nagios3/nagios3-common_ 3.0.6-4~lenny2_all.deb

Debian nagios3-dbg_3.0.6-4~lenny2_i386.deb
http://security.debian.org/pool/updates/main/n/nagios3/nagios3-dbg_3.0 .6-4~lenny2_i386.deb

Debian nagios3-doc_3.0.6-4~lenny2_all.deb
http://security.debian.org/pool/updates/main/n/nagios3/nagios3-doc_3.0 .6-4~lenny2_all.deb

Debian nagios3_3.0.6-4~lenny2_i386.deb
http://security.debian.org/pool/updates/main/n/nagios3/nagios3_3.0.6-4 ~lenny2_i386.deb

Ubuntu Linux 8.04 LTS amd64

Ubuntu nagios2-common_2.11-1ubuntu1.5_all.deb
http://security.ubuntu.com/ubuntu/pool/universe/n/nagios2/nagios2-comm on_2.11-1ubuntu1.5_all.deb

Ubuntu nagios2-dbg_2.11-1ubuntu1.5_amd64.deb
http://security.ubuntu.com/ubuntu/pool/universe/n/nagios2/nagios2-dbg_ 2.11-1ubuntu1.5_amd64.deb

Ubuntu nagios2-doc_2.11-1ubuntu1.5_all.deb
http://security.ubuntu.com/ubuntu/pool/universe/n/nagios2/nagios2-doc_ 2.11-1ubuntu1.5_all.deb

Ubuntu nagios2_2.11-1ubuntu1.5_amd64.deb
http://security.ubuntu.com/ubuntu/pool/universe/n/nagios2/nagios2_2.11 -1ubuntu1.5_amd64.deb

Debian Linux 5.0 s/390

Debian nagios3-common_3.0.6-4~lenny2_all.deb
http://security.debian.org/pool/updates/main/n/nagios3/nagios3-common_ 3.0.6-4~lenny2_all.deb

Debian nagios3-dbg_3.0.6-4~lenny2_s390.deb
http://security.debian.org/pool/updates/main/n/nagios3/nagios3-dbg_3.0 .6-4~lenny2_s390.deb

Debian nagios3-doc_3.0.6-4~lenny2_all.deb
http://security.debian.org/pool/updates/main/n/nagios3/nagios3-doc_3.0 .6-4~lenny2_all.deb

Debian nagios3_3.0.6-4~lenny2_s390.deb
http://security.debian.org/pool/updates/main/n/nagios3/nagios3_3.0.6-4 ~lenny2_s390.deb

Debian Linux 5.0 mipsel

Debian nagios3-common_3.0.6-4~lenny2_all.deb
http://security.debian.org/pool/updates/main/n/nagios3/nagios3-common_ 3.0.6-4~lenny2_all.deb

Debian nagios3-dbg_3.0.6-4~lenny2_mipsel.deb
http://security.debian.org/pool/updates/main/n/nagios3/nagios3-dbg_3.0 .6-4~lenny2_mipsel.deb

Debian nagios3-doc_3.0.6-4~lenny2_all.deb
http://security.debian.org/pool/updates/main/n/nagios3/nagios3-doc_3.0 .6-4~lenny2_all.deb

Debian nagios3_3.0.6-4~lenny2_mipsel.deb
http://security.debian.org/pool/updates/main/n/nagios3/nagios3_3.0.6-4 ~lenny2_mipsel.deb

Ubuntu Linux 9.04 sparc

Ubuntu nagios3-common_3.0.6-2ubuntu1.1_all.deb
http://security.ubuntu.com/ubuntu/pool/main/n/nagios3/nagios3-common_3 .0.6-2ubuntu1.1_all.deb

Ubuntu nagios3-dbg_3.0.6-2ubuntu1.1_sparc.deb
http://ports.ubuntu.com/pool/main/n/nagios3/nagios3-dbg_3.0.6-2ubuntu1 .1_sparc.deb

Ubuntu nagios3-doc_3.0.6-2ubuntu1.1_all.deb
http://security.ubuntu.com/ubuntu/pool/main/n/nagios3/nagios3-doc_3.0. 6-2ubuntu1.1_all.deb

Ubuntu nagios3_3.0.6-2ubuntu1.1_sparc.deb
http://ports.ubuntu.com/pool/main/n/nagios3/nagios3_3.0.6-2ubuntu1.1_s parc.deb

Ubuntu Linux 9.04 powerpc

Ubuntu nagios3-common_3.0.6-2ubuntu1.1_all.deb
http://security.ubuntu.com/ubuntu/pool/main/n/nagios3/nagios3-common_3 .0.6-2ubuntu1.1_all.deb

Ubuntu nagios3-dbg_3.0.6-2ubuntu1.1_powerpc.deb
http://ports.ubuntu.com/pool/main/n/nagios3/nagios3-dbg_3.0.6-2ubuntu1 .1_powerpc.deb

Ubuntu nagios3-doc_3.0.6-2ubuntu1.1_all.deb
http://security.ubuntu.com/ubuntu/pool/main/n/nagios3/nagios3-doc_3.0. 6-2ubuntu1.1_all.deb

Ubuntu nagios3_3.0.6-2ubuntu1.1_powerpc.deb
http://ports.ubuntu.com/pool/main/n/nagios3/nagios3_3.0.6-2ubuntu1.1_p owerpc.deb

Ubuntu Linux 8.04 LTS lpia

Ubuntu nagios2-common_2.11-1ubuntu1.5_all.deb
http://security.ubuntu.com/ubuntu/pool/universe/n/nagios2/nagios2-comm on_2.11-1ubuntu1.5_all.deb

Ubuntu nagios2-dbg_2.11-1ubuntu1.5_lpia.deb
http://ports.ubuntu.com/pool/universe/n/nagios2/nagios2-dbg_2.11-1ubun tu1.5_lpia.deb

Ubuntu nagios2-doc_2.11-1ubuntu1.5_all.deb
http://security.ubuntu.com/ubuntu/pool/universe/n/nagios2/nagios2-doc_ 2.11-1ubuntu1.5_all.deb

Ubuntu nagios2_2.11-1ubuntu1.5_lpia.deb
http://ports.ubuntu.com/pool/universe/n/nagios2/nagios2_2.11-1ubuntu1. 5_lpia.deb

Ubuntu Linux 8.10 lpia

Ubuntu nagios3-common_3.0.2-1ubuntu1.2_all.deb
http://security.ubuntu.com/ubuntu/pool/main/n/nagios3/nagios3-common_3 .0.2-1ubuntu1.2_all.deb

Ubuntu nagios3-dbg_3.0.2-1ubuntu1.2_lpia.deb
http://ports.ubuntu.com/pool/main/n/nagios3/nagios3-dbg_3.0.2-1ubuntu1 .2_lpia.deb

Ubuntu nagios3-doc_3.0.2-1ubuntu1.2_all.deb
http://security.ubuntu.com/ubuntu/pool/main/n/nagios3/nagios3-doc_3.0. 2-1ubuntu1.2_all.deb

Ubuntu nagios3_3.0.2-1ubuntu1.2_lpia.deb
http://ports.ubuntu.com/pool/main/n/nagios3/nagios3_3.0.2-1ubuntu1.2_l pia.deb

Debian Linux 5.0 hppa

Debian nagios3-common_3.0.6-4~lenny2_all.deb
http://security.debian.org/pool/updates/main/n/nagios3/nagios3-common_ 3.0.6-4~lenny2_all.deb

Debian nagios3-dbg_3.0.6-4~lenny2_hppa.deb
http://security.debian.org/pool/updates/main/n/nagios3/nagios3-dbg_3.0 .6-4~lenny2_hppa.deb

Debian nagios3-doc_3.0.6-4~lenny2_all.deb
http://security.debian.org/pool/updates/main/n/nagios3/nagios3-doc_3.0 .6-4~lenny2_all.deb

Debian nagios3_3.0.6-4~lenny2_hppa.deb
http://security.debian.org/pool/updates/main/n/nagios3/nagios3_3.0.6-4 ~lenny2_hppa.deb

Ubuntu Linux 9.04 i386

Ubuntu nagios3-common_3.0.6-2ubuntu1.1_all.deb
http://security.ubuntu.com/ubuntu/pool/main/n/nagios3/nagios3-common_3 .0.6-2ubuntu1.1_all.deb

Ubuntu nagios3-dbg_3.0.6-2ubuntu1.1_i386.deb
http://security.ubuntu.com/ubuntu/pool/main/n/nagios3/nagios3-dbg_3.0. 6-2ubuntu1.1_i386.deb

Ubuntu nagios3-doc_3.0.6-2ubuntu1.1_all.deb
http://security.ubuntu.com/ubuntu/pool/main/n/nagios3/nagios3-doc_3.0. 6-2ubuntu1.1_all.deb

Ubuntu nagios3_3.0.6-2ubuntu1.1_i386.deb
http://security.ubuntu.com/ubuntu/pool/main/n/nagios3/nagios3_3.0.6-2u buntu1.1_i386.deb

Ubuntu Linux 8.10 sparc

Ubuntu nagios3-common_3.0.2-1ubuntu1.2_all.deb
http://security.ubuntu.com/ubuntu/pool/main/n/nagios3/nagios3-common_3 .0.2-1ubuntu1.2_all.deb

Ubuntu nagios3-dbg_3.0.2-1ubuntu1.2_sparc.deb
http://ports.ubuntu.com/pool/main/n/nagios3/nagios3-dbg_3.0.2-1ubuntu1 .2_sparc.deb

Ubuntu nagios3-doc_3.0.2-1ubuntu1.2_all.deb
http://security.ubuntu.com/ubuntu/pool/main/n/nagios3/nagios3-doc_3.0. 2-1ubuntu1.2_all.deb

Ubuntu nagios3_3.0.2-1ubuntu1.2_sparc.deb
http://ports.ubuntu.com/pool/main/n/nagios3/nagios3_3.0.2-1ubuntu1.2_s parc.deb

Ubuntu Linux 9.04 lpia

Ubuntu nagios3-common_3.0.6-2ubuntu1.1_all.deb
http://security.ubuntu.com/ubuntu/pool/main/n/nagios3/nagios3-common_3 .0.6-2ubuntu1.1_all.deb

Ubuntu nagios3-dbg_3.0.6-2ubuntu1.1_lpia.deb
http://ports.ubuntu.com/pool/main/n/nagios3/nagios3-dbg_3.0.6-2ubuntu1 .1_lpia.deb

Ubuntu nagios3-doc_3.0.6-2ubuntu1.1_all.deb
http://security.ubuntu.com/ubuntu/pool/main/n/nagios3/nagios3-doc_3.0. 6-2ubuntu1.1_all.deb

Ubuntu nagios3_3.0.6-2ubuntu1.1_lpia.deb
http://ports.ubuntu.com/pool/main/n/nagios3/nagios3_3.0.6-2ubuntu1.1_l pia.deb

Debian Linux 5.0 m68k

Debian nagios3-common_3.0.6-4~lenny2_all.deb
http://security.debian.org/pool/updates/main/n/nagios3/nagios3-common_ 3.0.6-4~lenny2_all.deb

Debian nagios3-doc_3.0.6-4~lenny2_all.deb
http://security.debian.org/pool/updates/main/n/nagios3/nagios3-doc_3.0 .6-4~lenny2_all.deb

Debian Linux 5.0 arm

Debian nagios3-common_3.0.6-4~lenny2_all.deb
http://security.debian.org/pool/updates/main/n/nagios3/nagios3-common_ 3.0.6-4~lenny2_all.deb

Debian nagios3-dbg_3.0.6-4~lenny2_arm.deb
http://security.debian.org/pool/updates/main/n/nagios3/nagios3-dbg_3.0 .6-4~lenny2_arm.deb

Debian nagios3-doc_3.0.6-4~lenny2_all.deb
http://security.debian.org/pool/updates/main/n/nagios3/nagios3-doc_3.0 .6-4~lenny2_all.deb

Debian nagios3_3.0.6-4~lenny2_arm.deb
http://security.debian.org/pool/updates/main/n/nagios3/nagios3_3.0.6-4 ~lenny2_arm.deb

Debian Linux 5.0 armel

Debian nagios3-common_3.0.6-4~lenny2_all.deb
http://security.debian.org/pool/updates/main/n/nagios3/nagios3-common_ 3.0.6-4~lenny2_all.deb

Debian nagios3-dbg_3.0.6-4~lenny2_armel.deb
http://security.debian.org/pool/updates/main/n/nagios3/nagios3-dbg_3.0 .6-4~lenny2_armel.deb

Debian nagios3-doc_3.0.6-4~lenny2_all.deb
http://security.debian.org/pool/updates/main/n/nagios3/nagios3-doc_3.0 .6-4~lenny2_all.deb

Debian nagios3_3.0.6-4~lenny2_armel.deb
http://security.debian.org/pool/updates/main/n/nagios3/nagios3_3.0.6-4 ~lenny2_armel.deb

Debian Linux 5.0

Debian nagios3-common_3.0.6-4~lenny2_all.deb
http://security.debian.org/pool/updates/main/n/nagios3/nagios3-common_ 3.0.6-4~lenny2_all.deb

Debian nagios3-doc_3.0.6-4~lenny2_all.deb
http://security.debian.org/pool/updates/main/n/nagios3/nagios3-doc_3.0 .6-4~lenny2_all.deb

Nagios Nagios 2.12

Nagios nagios-3.1.1.tar.gz
http://prdownloads.sourceforge.net/sourceforge/nagios/nagios-3.1.1.tar .gz

Nagios Nagios 2.11

Nagios nagios-3.1.1.tar.gz
http://prdownloads.sourceforge.net/sourceforge/nagios/nagios-3.1.1.tar .gz

Nagios Nagios 2.8

Nagios nagios-3.1.1.tar.gz
http://prdownloads.sourceforge.net/sourceforge/nagios/nagios-3.1.1.tar .gz

Ubuntu Linux 8.04 LTS i386

Ubuntu nagios2-common_2.11-1ubuntu1.5_all.deb
http://security.ubuntu.com/ubuntu/pool/universe/n/nagios2/nagios2-comm on_2.11-1ubuntu1.5_all.deb

Ubuntu nagios2-dbg_2.11-1ubuntu1.5_i386.deb
http://security.ubuntu.com/ubuntu/pool/universe/n/nagios2/nagios2-dbg_ 2.11-1ubuntu1.5_i386.deb

Ubuntu nagios2-doc_2.11-1ubuntu1.5_all.deb
http://security.ubuntu.com/ubuntu/pool/universe/n/nagios2/nagios2-doc_ 2.11-1ubuntu1.5_all.deb

Ubuntu nagios2_2.11-1ubuntu1.5_i386.deb
http://security.ubuntu.com/ubuntu/pool/universe/n/nagios2/nagios2_2.11 -1ubuntu1.5_i386.deb

Debian Linux 5.0 amd64

Debian nagios3-common_3.0.6-4~lenny2_all.deb
http://security.debian.org/pool/updates/main/n/nagios3/nagios3-common_ 3.0.6-4~lenny2_all.deb

Debian nagios3-dbg_3.0.6-4~lenny2_amd64.deb
http://security.debian.org/pool/updates/main/n/nagios3/nagios3-dbg_3.0 .6-4~lenny2_amd64.deb

Debian nagios3-doc_3.0.6-4~lenny2_all.deb
http://security.debian.org/pool/updates/main/n/nagios3/nagios3-doc_3.0 .6-4~lenny2_all.deb

Debian nagios3_3.0.6-4~lenny2_amd64.deb
http://security.debian.org/pool/updates/main/n/nagios3/nagios3_3.0.6-4 ~lenny2_amd64.deb

Nagios Nagios 2.10

Nagios nagios-3.1.1.tar.gz
http://prdownloads.sourceforge.net/sourceforge/nagios/nagios-3.1.1.tar .gz

Debian Linux 5.0 mips

Debian nagios3-common_3.0.6-4~lenny2_all.deb
http://security.debian.org/pool/updates/main/n/nagios3/nagios3-common_ 3.0.6-4~lenny2_all.deb

Debian nagios3-dbg_3.0.6-4~lenny2_mips.deb
http://security.debian.org/pool/updates/main/n/nagios3/nagios3-dbg_3.0 .6-4~lenny2_mips.deb

Debian nagios3-doc_3.0.6-4~lenny2_all.deb
http://security.debian.org/pool/updates/main/n/nagios3/nagios3-doc_3.0 .6-4~lenny2_all.deb

Debian nagios3_3.0.6-4~lenny2_mips.deb
http://security.debian.org/pool/updates/main/n/nagios3/nagios3_3.0.6-4 ~lenny2_mips.deb

Ubuntu Linux 9.04 amd64

Ubuntu nagios3-common_3.0.6-2ubuntu1.1_all.deb
http://security.ubuntu.com/ubuntu/pool/main/n/nagios3/nagios3-common_3 .0.6-2ubuntu1.1_all.deb

Ubuntu nagios3-dbg_3.0.6-2ubuntu1.1_amd64.deb
http://security.ubuntu.com/ubuntu/pool/main/n/nagios3/nagios3-dbg_3.0. 6-2ubuntu1.1_amd64.deb

Ubuntu nagios3-doc_3.0.6-2ubuntu1.1_all.deb
http://security.ubuntu.com/ubuntu/pool/main/n/nagios3/nagios3-doc_3.0. 6-2ubuntu1.1_all.deb

Ubuntu nagios3_3.0.6-2ubuntu1.1_amd64.deb
http://security.ubuntu.com/ubuntu/pool/main/n/nagios3/nagios3_3.0.6-2u buntu1.1_amd64.deb

Nagios Nagios 2.9

Nagios nagios-3.1.1.tar.gz
http://prdownloads.sourceforge.net/sourceforge/nagios/nagios-3.1.1.tar .gz

Ubuntu Linux 8.10 amd64

Ubuntu nagios3-common_3.0.2-1ubuntu1.2_all.deb
http://security.ubuntu.com/ubuntu/pool/main/n/nagios3/nagios3-common_3 .0.2-1ubuntu1.2_all.deb

Ubuntu nagios3-dbg_3.0.2-1ubuntu1.2_amd64.deb
http://security.ubuntu.com/ubuntu/pool/main/n/nagios3/nagios3-dbg_3.0. 2-1ubuntu1.2_amd64.deb

Ubuntu nagios3-doc_3.0.2-1ubuntu1.2_all.deb
http://security.ubuntu.com/ubuntu/pool/main/n/nagios3/nagios3-doc_3.0. 2-1ubuntu1.2_all.deb

Ubuntu nagios3_3.0.2-1ubuntu1.2_amd64.deb
http://security.ubuntu.com/ubuntu/pool/main/n/nagios3/nagios3_3.0.2-1u buntu1.2_amd64.deb

Debian Linux 5.0 powerpc

Debian nagios3-common_3.0.6-4~lenny2_all.deb
http://security.debian.org/pool/updates/main/n/nagios3/nagios3-common_ 3.0.6-4~lenny2_all.deb

Debian nagios3-dbg_3.0.6-4~lenny2_powerpc.deb
http://security.debian.org/pool/updates/main/n/nagios3/nagios3-dbg_3.0 .6-4~lenny2_powerpc.deb

Debian nagios3-doc_3.0.6-4~lenny2_all.deb
http://security.debian.org/pool/updates/main/n/nagios3/nagios3-doc_3.0 .6-4~lenny2_all.deb

Debian nagios3_3.0.6-4~lenny2_powerpc.deb
http://security.debian.org/pool/updates/main/n/nagios3/nagios3_3.0.6-4 ~lenny2_powerpc.deb

Debian Linux 5.0 sparc

Debian nagios3-common_3.0.6-4~lenny2_all.deb
http://security.debian.org/pool/updates/main/n/nagios3/nagios3-common_ 3.0.6-4~lenny2_all.deb

Debian nagios3-dbg_3.0.6-4~lenny2_sparc.deb
http://security.debian.org/pool/updates/main/n/nagios3/nagios3-dbg_3.0 .6-4~lenny2_sparc.deb

Debian nagios3-doc_3.0.6-4~lenny2_all.deb
http://security.debian.org/pool/updates/main/n/nagios3/nagios3-doc_3.0 .6-4~lenny2_all.deb

Debian nagios3_3.0.6-4~lenny2_sparc.deb
http://security.debian.org/pool/updates/main/n/nagios3/nagios3_3.0.6-4 ~lenny2_sparc.deb

Nagios Nagios 2.7

Nagios nagios-3.1.1.tar.gz
http://prdownloads.sourceforge.net/sourceforge/nagios/nagios-3.1.1.tar .gz

Nagios Nagios 3.0.4 

Nagios nagios-3.1.1.tar.gz
http://prdownloads.sourceforge.net/sourceforge/nagios/nagios-3.1.1.tar .gz

Nagios Nagios 3.0.5 

Nagios nagios-3.1.1.tar.gz
http://prdownloads.sourceforge.net/sourceforge/nagios/nagios-3.1.1.tar .gz

Nagios Nagios 3.0.6 

Nagios nagios-3.1.1.tar.gz
http://prdownloads.sourceforge.net/sourceforge/nagios/nagios-3.1.1.tar .gz
[***** End CVE-2009-2288 *****]
DOE-CIRC wishes to acknowledge the contributions of Paul for the information contained in this bulletin.
DOE-CIRC services are available to DOE, DOE Contractors, and the NIH. DOE-CIRC can be contacted at: 
    Voice:          866-941-2472
    E-mail:          doecirc@doecirc.energy.gov
    World Wide Web:  http://www.doecirc.energy.gov
UCRL-MI-119788