[Pkg-nagios-devel] Vulnerability for X509 Certificate Verification
formorer at formorer.de
Thu Oct 16 16:17:37 UTC 2014
On Thu, 16 Oct 2014, Jerry Zhang wrote:
> We are a research group trying to use static analysis to find the unsafe usage of APIs.
> Could you please take a look at vulnerability about nagios-nrpe?
You want to read: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=547092
And your bugreport is interesting. NRPE uses some broken SSL, but no x509. So
in it, the report is wrong.
NRPE is broken. Far beyond fixability.
More information about the Pkg-nagios-devel