nagios remote plug in executor vulnerabilities and exploits

(subscribe to this query)

Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plug-In Executor (NRPE) prior to 2.14 might allow remote malicious users to execute arbitrary shell commands via "$()" shell metacharacters, which are processed by bash.

Opensuse Opensuse 11.4 Opensuse Opensuse 12.1 Opensuse Opensuse 12.2 Nagios Remote Plug In Executor Nagios Remote Plug In Executor 1.3 Nagios Remote Plug In Executor 1.4 Nagios Remote Plug In Executor 1.5 Nagios Remote Plug In Executor 1.6 Nagios Remote Plug In Executor 1.7 Nagios Remote Plug In Executor 1.8 Nagios Remote Plug In Executor 1.9 Nagios Remote Plug In Executor 2.0

1 EDB exploit

Nagios NRPE 3.2.1 has a Heap-Based Buffer Overflow, as demonstrated by interpretation of a small negative number as a large positive number during a bzero call.

Nagios Remote Plug In Executor 3.2.1 Fedoraproject Fedora 32

Nagios NRPE 3.2.1 has Insufficient Filtering because, for example, nasty_metachars interprets \n as the character \ and the character n (not as the \n newline sequence). This can cause command injection.

Nagios Remote Plug In Executor 3.2.1 Fedoraproject Fedora 32

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook