Severity High
Remote Yes
Type Arbitrary command execution
Incomplete blacklist vulnerability in nrpe.c in Nagios Remote Plugin Executor (NRPE) 2.15 and earlier allows remote attackers to execute arbitrary commands via a newline character in the -a option to libexec/check_nrpe.
Group Package Affected Fixed Severity Status Ticket
AVG-587 nrpe 3.2.1-2 3.2.1-3 High Fixed FS#57120
Date Advisory Group Package Severity Description
18 Jan 2018 ASA-201801-14 AVG-587 nrpe High arbitrary command execution
This issue can only occur when nrpc is compiled with --enable-command-args and the administrator enables the "dont_blame_nrpe" option in nrpe.conf despite the "HIGH security risk" warning within the comments.

Test Exploit:
./check_nrpe -n -H  -c check_users -a "`echo -e "\x0a touch /tmp/vulntest "` #" 4