Important: nrpe

2014-09-15T23:31:00
ID ALAS-2013-203
Type amazon
Reporter Amazon
Modified 2014-09-15T23:31:00

Description

Issue Overview:

Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plug-In Executor (NRPE) before 2.14 might allow remote attackers to execute arbitrary shell commands via "$()" shell metacharacters, which are processed by bash.

Affected Packages:

nrpe

Issue Correction:
Run yum update nrpe to update your system.

New Packages:

i686:  
    nagios-plugins-nrpe-2.14-3.5.amzn1.i686  
    nrpe-2.14-3.5.amzn1.i686  
    nrpe-debuginfo-2.14-3.5.amzn1.i686

src:  
    nrpe-2.14-3.5.amzn1.src

x86_64:  
    nagios-plugins-nrpe-2.14-3.5.amzn1.x86_64  
    nrpe-2.14-3.5.amzn1.x86_64  
    nrpe-debuginfo-2.14-3.5.amzn1.x86_64