AVG-587 log
| Package | nrpe |
| Status | Fixed |
| Severity | High |
| Type | arbitrary command execution |
| Affected | 3.2.1-2 |
| Fixed | 3.2.1-3 |
| Current | 4.1.0-3 [extra] |
| Ticket | FS#57120 |
| Created | Tue Jan 16 18:48:48 2018 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2014-2913 | High | Yes | Arbitrary command execution | Incomplete blacklist vulnerability in nrpe.c in Nagios Remote Plugin Executor (NRPE) 2.15 and earlier allows remote attackers to execute arbitrary commands... |
| CVE-2013-1362 | High | Yes | Arbitrary command execution | Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plug-In Executor (NRPE) might allow remote attackers to execute arbitrary shell commands via... |
| Date | Advisory | Package | Type |
|---|---|---|---|
| 18 Jan 2018 | ASA-201801-14 | nrpe | arbitrary command execution |
| Notes |
|---|
Fixed by compiling nrpc without the --enable-command-args option. |