Re: CVE id request: nagios

["Steven M. Christey" <coley () linus mitre org>]

======================================================
Name: CVE-2009-2288
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2288
Reference: CONFIRM:http://tracker.nagios.org/view.php?id=15
Reference: CONFIRM:http://www.nagios.org/development/history/core-3x/
Reference: SECUNIA:35543
Reference: URL:http://secunia.com/advisories/35543

statuswml.cgi in Nagios before 3.1.1 allows remote attackers to
execute arbitrary commands via shell metacharacters in the (1) ping or
(2) Traceroute parameters.