[Pkg-nagios-devel] Vulnerability for X509 Certificate Verification

Alexander Wirt formorer at formorer.de
Thu Oct 16 16:17:37 UTC 2014

On Thu, 16 Oct 2014, Jerry Zhang wrote:

> Hello,
> We are a research group trying to use static analysis to find the unsafe usage of APIs.
> Could you please take a look at vulnerability about nagios-nrpe?
> https://bugs.launchpad.net/ubuntu/+source/nagios-nrpe/+bug/1380229
You want to read: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=547092

And your bugreport is interesting. NRPE uses some broken SSL, but no x509. So
in it, the report is wrong.

NRPE is broken. Far beyond fixability.


More information about the Pkg-nagios-devel mailing list