CVE-2014-2913 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	High
Remote	Yes
Type	Arbitrary command execution
Description	Incomplete blacklist vulnerability in nrpe.c in Nagios Remote Plugin Executor (NRPE) 2.15 and earlier allows remote attackers to execute arbitrary commands via a newline character in the -a option to libexec/check_nrpe.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-587	nrpe	3.2.1-2	3.2.1-3	High	Fixed	FS#57120

Date	Advisory	Group	Package	Severity	Type
18 Jan 2018	ASA-201801-14	AVG-587	nrpe	High	arbitrary command execution

References
http://seclists.org/fulldisclosure/2014/Apr/240 http://seclists.org/oss-sec/2014/q2/154 https://github.com/NagiosEnterprises/nrpe/commit/eaaebb3c2925f9aee74319b61264ee535784b859

Notes
This issue can only occur when nrpc is compiled with --enable-command-args and the administrator enables the "dont_blame_nrpe" option in nrpe.conf despite the "HIGH security risk" warning within the comments. Test Exploit: ./check_nrpe -n -H 127.0.0.1 -c check_users -a "`echo -e "\x0a touch /tmp/vulntest "` #" 4

Notes

This issue can only occur when nrpc is compiled with --enable-command-args and the administrator enables the "dont_blame_nrpe" option in nrpe.conf despite the "HIGH security risk" warning within the comments.

Test Exploit:
./check_nrpe -n -H 127.0.0.1  -c check_users -a "`echo -e "\x0a touch /tmp/vulntest "` #" 4