Nagios Remote Command Execution

February 22, 2013

Nagios is a open source monitoring system that enables organizations to identify and resolve IT infrastructure problems. Nagios can monitor computer systems, applications, services, business processes and send alerts when they are not functioning properly. Nagios XI is a paid version of Nagios which offers greater functionality and performance.

A command injection vulnerability exists in one of the tools provided in Nagios XI -- the Autodiscovery tool. Specifically the vulnerability is due to lack of sanitation of newjob or editjob commands received by Autodiscovery. A remote attacker could exploit this vulnerability by sending crafted HTTP requests to the Nagios XI server. Successful exploitation allows the attacker to execute arbitrary shell commands in the context of Nagios service.

Dell SonicWALL has released an IPS signature to detect and block specific exploitation attempts targeting this vulnerability. The signature is listed below:

  • 9664 Nagios Autodiscovery Remote Command Execution