[Pkg-nagios-devel] Vulnerability for X509 Certificate Verification
Alexander Wirt
formorer at formorer.de
Thu Oct 16 16:17:37 UTC 2014
On Thu, 16 Oct 2014, Jerry Zhang wrote:
> Hello,
>
> We are a research group trying to use static analysis to find the unsafe usage of APIs.
> Could you please take a look at vulnerability about nagios-nrpe?
> https://bugs.launchpad.net/ubuntu/+source/nagios-nrpe/+bug/1380229
You want to read: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=547092
And your bugreport is interesting. NRPE uses some broken SSL, but no x509. So
in it, the report is wrong.
NRPE is broken. Far beyond fixability.
Alex
More information about the Pkg-nagios-devel
mailing list