CVE-2014-2913

Source
Severity High
Remote Yes
Type Arbitrary command execution
Description
Incomplete blacklist vulnerability in nrpe.c in Nagios Remote Plugin Executor (NRPE) 2.15 and earlier allows remote attackers to execute arbitrary commands via a newline character in the -a option to libexec/check_nrpe.
Group Package Affected Fixed Severity Status Ticket
AVG-587 nrpe 3.2.1-2 3.2.1-3 High Fixed FS#57120
Date Advisory Group Package Severity Description
18 Jan 2018 ASA-201801-14 AVG-587 nrpe High arbitrary command execution
References
http://seclists.org/fulldisclosure/2014/Apr/240
http://seclists.org/oss-sec/2014/q2/154
https://github.com/NagiosEnterprises/nrpe/commit/eaaebb3c2925f9aee74319b61264ee535784b859
Notes
This issue can only occur when nrpc is compiled with --enable-command-args and the administrator enables the "dont_blame_nrpe" option in nrpe.conf despite the "HIGH security risk" warning within the comments.

Test Exploit:
./check_nrpe -n -H 127.0.0.1  -c check_users -a "`echo -e "\x0a touch /tmp/vulntest "` #" 4