This site is deprecated. Please
CLICK HERE for latest updates
Short Name |
APP:MISC:NAGIOS-NRPE-CE
|
Severity |
Major
|
Recommended |
No
|
Recommended Action |
Drop
|
Category |
APP
|
Keywords |
Nagios Remote Plugin Executor 2.13 Code Execution
|
Release Date |
2013/03/20
|
Update Number |
2247
|
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+
|
APP: Nagios Remote Plugin Executor 2.13 Code Execution
This signature detects attempts to exploit a known vulnerability against Nagios NRPE 2.13. A successful attack can lead to arbitrary code execution.
Extended Description
Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plug-In Executor (NRPE) before 2.14 might allow remote attackers to execute arbitrary shell commands via "$()" shell metacharacters, which are processed by bash.
Affected Products
- Nagios remote_plug_in_executor 1.3
- Nagios remote_plug_in_executor 1.4
- Nagios remote_plug_in_executor 1.5
- Nagios remote_plug_in_executor 1.6
- Nagios remote_plug_in_executor 1.7
- Nagios remote_plug_in_executor 1.8
- Nagios remote_plug_in_executor 1.9
- Nagios remote_plug_in_executor 2.0
- Nagios remote_plug_in_executor 2.0b1
- Nagios remote_plug_in_executor 2.0b2
- Nagios remote_plug_in_executor 2.0b3
- Nagios remote_plug_in_executor 2.0b4
- Nagios remote_plug_in_executor 2.0b5
- Nagios remote_plug_in_executor 2.10
- Nagios remote_plug_in_executor 2.11
- Nagios remote_plug_in_executor 2.12
- Nagios remote_plug_in_executor 2.13
- Nagios remote_plug_in_executor 2.3
- Nagios remote_plug_in_executor 2.4
- Nagios remote_plug_in_executor 2.5
- Nagios remote_plug_in_executor 2.5.1
- Nagios remote_plug_in_executor 2.5.2
- Nagios remote_plug_in_executor 2.6
- Nagios remote_plug_in_executor 2.7
- Nagios remote_plug_in_executor 2.7.1
- Nagios remote_plug_in_executor 2.8
- Nagios remote_plug_in_executor 2.8.1
- Nagios remote_plug_in_executor 2.8b1
- Nagios remote_plug_in_executor 2.9
- Opensuse opensuse 11.4
- Opensuse opensuse 12.1
- Opensuse opensuse 12.2
References