Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plug-In Executor (NRPE) before 2.14 might allow remote attackers to execute arbitrary shell commands via “$()” shell metacharacters, which are processed by bash.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | nagios-nrpe | < 2.13-3 | nagios-nrpe_2.13-3_all.deb |
Debian | 11 | all | nagios-nrpe | < 2.13-3 | nagios-nrpe_2.13-3_all.deb |
Debian | 10 | all | nagios-nrpe | < 2.13-3 | nagios-nrpe_2.13-3_all.deb |
Debian | 999 | all | nagios-nrpe | < 2.13-3 | nagios-nrpe_2.13-3_all.deb |
Debian | 13 | all | nagios-nrpe | < 2.13-3 | nagios-nrpe_2.13-3_all.deb |