[Pkg-nagios-devel] Bug#745272: Bug#745272: NRPE - Nagios Remote Plugin Executor <= 2.15 Remote CommandExecution, POC released
Alexander Wirt
formorer at debian.org
Sun Apr 20 06:35:45 UTC 2014
On Sun, 20 Apr 2014, Markus Manzke wrote:
> Package: nagios-nrpe-server
> Severity: critical
> Tags: security
>
> NRPE fails to check input when a newline-character is issued
>
> POC has been released and works on debian 7, no CVE assigned yet
>
> http://seclists.org/fulldisclosure/2014/Apr/240
> http://seclists.org/oss-sec/2014/q2/136
There is a good reason we don't recommend using arguments...
Alex
More information about the Pkg-nagios-devel
mailing list