AVG-587

Package nrpe
Status Fixed
Severity High
Type arbitrary command execution
Affected 3.2.1-2
Fixed 3.2.1-3
Current 3.2.1-3 [community]
Ticket FS#57120
Created Tue Jan 16 18:48:48 2018
Issue Severity Remote Type Description
CVE-2014-2913 High Yes Arbitrary command execution
Incomplete blacklist vulnerability in nrpe.c in Nagios Remote Plugin Executor (NRPE) 2.15 and earlier allows remote attackers to execute arbitrary commands...
CVE-2013-1362 High Yes Arbitrary command execution
Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plug-In Executor (NRPE) might allow remote attackers to execute arbitrary shell commands via...
Date Advisory Package Description
18 Jan 2018 ASA-201801-14 nrpe arbitrary command execution
Notes
Fixed by compiling nrpc without the --enable-command-args option.