CVE-2013-1362: Input Validation
First published: Tue Jul 09 2013(Updated: )
Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plug-In Executor (NRPE) before 2.14 might allow remote attackers to execute arbitrary shell commands via "$()" shell metacharacters, which are processed by bash.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| openSUSE | =11.4 | |
| openSUSE | =12.1 | |
| openSUSE | =12.2 | |
| Nagios Remote Plugin Executor | <=2.13 | |
| Nagios Remote Plugin Executor | =1.3 | |
| Nagios Remote Plugin Executor | =1.4 | |
| Nagios Remote Plugin Executor | =1.5 | |
| Nagios Remote Plugin Executor | =1.6 | |
| Nagios Remote Plugin Executor | =1.7 | |
| Nagios Remote Plugin Executor | =1.8 | |
| Nagios Remote Plugin Executor | =1.9 | |
| Nagios Remote Plugin Executor | =2.0 | |
| Nagios Remote Plugin Executor | =2.0b1 | |
| Nagios Remote Plugin Executor | =2.0b2 | |
| Nagios Remote Plugin Executor | =2.0b3 | |
| Nagios Remote Plugin Executor | =2.0b4 | |
| Nagios Remote Plugin Executor | =2.0b5 | |
| Nagios Remote Plugin Executor | =2.3 | |
| Nagios Remote Plugin Executor | =2.4 | |
| Nagios Remote Plugin Executor | =2.5 | |
| Nagios Remote Plugin Executor | =2.5.1 | |
| Nagios Remote Plugin Executor | =2.5.2 | |
| Nagios Remote Plugin Executor | =2.6 | |
| Nagios Remote Plugin Executor | =2.7 | |
| Nagios Remote Plugin Executor | =2.7.1 | |
| Nagios Remote Plugin Executor | =2.8 | |
| Nagios Remote Plugin Executor | =2.8.1 | |
| Nagios Remote Plugin Executor | =2.8b1 | |
| Nagios Remote Plugin Executor | =2.9 | |
| Nagios Remote Plugin Executor | =2.10 | |
| Nagios Remote Plugin Executor | =2.11 | |
| Nagios Remote Plugin Executor | =2.12 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00005.html
- http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00006.html
- http://seclists.org/bugtraq/2013/Feb/119
- http://www.exploit-db.com/exploits/24955
- http://www.occamsec.com/vulnerabilities.html#nagios_metacharacter_vulnerability
- https://bugzilla.novell.com/show_bug.cgi?id=807241
- agent/references
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/author
- agent/severity
- agent/weakness
- agent/description
- agent/event
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/opensuse
- canonical/opensuse
- version/opensuse/11.4
- version/opensuse/12.1
- version/opensuse/12.2
- vendor/nagios
- canonical/nagios remote plugin executor
- version/nagios remote plugin executor/2.13
- version/nagios remote plugin executor/1.3
- version/nagios remote plugin executor/1.4
- version/nagios remote plugin executor/1.5
- version/nagios remote plugin executor/1.6
- version/nagios remote plugin executor/1.7
- version/nagios remote plugin executor/1.8
- version/nagios remote plugin executor/1.9
- version/nagios remote plugin executor/2.0
- version/nagios remote plugin executor/2.0b1
- version/nagios remote plugin executor/2.0b2
- version/nagios remote plugin executor/2.0b3
- version/nagios remote plugin executor/2.0b4
- version/nagios remote plugin executor/2.0b5
- version/nagios remote plugin executor/2.3
- version/nagios remote plugin executor/2.4
- version/nagios remote plugin executor/2.5
- version/nagios remote plugin executor/2.5.1
- version/nagios remote plugin executor/2.5.2
- version/nagios remote plugin executor/2.6
- version/nagios remote plugin executor/2.7
- version/nagios remote plugin executor/2.7.1
- version/nagios remote plugin executor/2.8
- version/nagios remote plugin executor/2.8.1
- version/nagios remote plugin executor/2.8b1
- version/nagios remote plugin executor/2.9
- version/nagios remote plugin executor/2.10
- version/nagios remote plugin executor/2.11
- version/nagios remote plugin executor/2.12