CVE-2013-1362 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	High
Remote	Yes
Type	Arbitrary command execution
Description	Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plug-In Executor (NRPE) might allow remote attackers to execute arbitrary shell commands via "$()" shell metacharacters, which are processed by bash.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-587	nrpe	3.2.1-2	3.2.1-3	High	Fixed	FS#57120

Date	Advisory	Group	Package	Severity	Type
18 Jan 2018	ASA-201801-14	AVG-587	nrpe	High	arbitrary command execution

References
http://seclists.org/bugtraq/2013/Feb/119 https://github.com/NagiosEnterprises/nrpe/commit/eaaebb3c2925f9aee74319b61264ee535784b859

Notes
This issue can only occur when nrpc is compiled with --enable-command-args and the administrator enables the "dont_blame_nrpe" option in nrpe.conf despite the "HIGH security risk" warning within the comments. Test Exploit: # ./check_nrpe -n -H 127.0.0.1 -c check_disk -a "-c $(touch /tmp/VULNERABLE)"

Notes

This issue can only occur when nrpc is compiled with --enable-command-args and the administrator enables the "dont_blame_nrpe" option in nrpe.conf despite the "HIGH security risk" warning within the comments.

Test Exploit:
# ./check_nrpe -n -H 127.0.0.1 -c check_disk -a "-c $(touch /tmp/VULNERABLE)"