Signature Detail

APP: Nagios Remote Plugin Executor 2.13 Code Execution

This signature detects attempts to exploit a known vulnerability against Nagios NRPE 2.13. A successful attack can lead to arbitrary code execution.

Extended Description

Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plug-In Executor (NRPE) before 2.14 might allow remote attackers to execute arbitrary shell commands via "$()" shell metacharacters, which are processed by bash.

Affected Products

• Nagios remote_plug_in_executor 1.3
• Nagios remote_plug_in_executor 1.4
• Nagios remote_plug_in_executor 1.5
• Nagios remote_plug_in_executor 1.6
• Nagios remote_plug_in_executor 1.7
• Nagios remote_plug_in_executor 1.8
• Nagios remote_plug_in_executor 1.9
• Nagios remote_plug_in_executor 2.0
• Nagios remote_plug_in_executor 2.0b1
• Nagios remote_plug_in_executor 2.0b2
• Nagios remote_plug_in_executor 2.0b3
• Nagios remote_plug_in_executor 2.0b4
• Nagios remote_plug_in_executor 2.0b5
• Nagios remote_plug_in_executor 2.10
• Nagios remote_plug_in_executor 2.11
• Nagios remote_plug_in_executor 2.12
• Nagios remote_plug_in_executor 2.13
• Nagios remote_plug_in_executor 2.3
• Nagios remote_plug_in_executor 2.4
• Nagios remote_plug_in_executor 2.5
• Nagios remote_plug_in_executor 2.5.1
• Nagios remote_plug_in_executor 2.5.2
• Nagios remote_plug_in_executor 2.6
• Nagios remote_plug_in_executor 2.7
• Nagios remote_plug_in_executor 2.7.1
• Nagios remote_plug_in_executor 2.8
• Nagios remote_plug_in_executor 2.8.1
• Nagios remote_plug_in_executor 2.8b1
• Nagios remote_plug_in_executor 2.9
• Opensuse opensuse 11.4
• Opensuse opensuse 12.1
• Opensuse opensuse 12.2

References

• BugTraq: 58142
• CVE: CVE-2013-1362