Incomplete blacklist vulnerability in nrpe.c in Nagios Remote Plugin Executor (NRPE) 2.15 and earlier allows remote attackers to execute arbitrary commands via a newline character in the -a option to libexec/check_nrpe.
Incomplete blacklist vulnerability in nrpe.c in Nagios Remote Plugin Executor (NRPE) 2.15 and earlier allows remote attackers to execute arbitrary commands via a newline character in the -a option to libexec/check_nrpe.
http://seclists.org/fulldisclosure/2014/Apr/240 http://seclists.org/oss-sec/2014/q2/154 https://github.com/NagiosEnterprises/nrpe/commit/eaaebb3c2925f9aee74319b61264ee535784b859
This issue can only occur when nrpc is compiled with --enable-command-args and the administrator enables the "dont_blame_nrpe" option in nrpe.conf despite the "HIGH security risk" warning within the comments. Test Exploit: ./check_nrpe -n -H 127.0.0.1 -c check_users -a "`echo -e "\x0a touch /tmp/vulntest "` #" 4