SAINT CorporationSAINT:21BB3E24EB9AE6BD8636B7F5A2A455A3Nagios Remote Plugin Executor Metacharacter Filtering Omission
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.959 High
EPSS
Percentile
99.3%
Added: 05/13/2013
CVE: CVE-2013-1362
BID: 58142
OSVDB: 90582
Background
Nagios is a network host and service monitoring and management system. Nagios Remote Plugin Executor (NRPE) is an addon for Nagios that allows remote execution of Nagios plugins on other Linux/Unix machines.
Problem
Nagios Remote Plugin Executor (NRPE) before 2.14, when compiled with **--enable-command-args** (usually set by default) contains a vulnerability that is triggered when input passed via **$()** is not properly sanitized before being used in plugins/scripts. If the plugins/ scripts are run under the bash shell, bash will execute that shell command and pass the output as a parameter to the called script. A remote attacker could exploit this vulnerability to execute arbitrary commands in the context of the NRPE/Nagios application.
Resolution
Upgrade to NRPE 2.14 or later.
References
<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701227>
Limitations
This exploit was tested against Nagios Enterprises Nagios Remote Plugin Executor 2.13 on CentOS Project CentOS 6 (Exec-Shield Enabled).
The Perl modules MIME::Base64 and String::CRC32 are required to run the exploit. The Netcat utility (nc) must be installed on the target.
Platforms
Linux
Related
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.959 High
EPSS
Percentile
99.3%