21 matches found
SUSE: Security Advisory (SUSE-SU-2013:1219-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[ASA-201801-14] nrpe: arbitrary command execution
Arch Linux Security Advisory ASA-201801-14 ========================================== Severity: High Date : 2018-01-18 CVE-ID : CVE-2013-1362 CVE-2014-2913 Package : nrpe Type : arbitrary command execution Remote : Yes Link : https://security.archlinux.org/AVG-587 Summary ======= The package nrpe...
GLSA-201408-18 : NRPE: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201408-18 NRPE: Multiple Vulnerabilities Multiple vulnerabilities have been discovered in NRPE. Please review the CVE identifiers referenced below for details. Impact : A remote attacker can utilize multiple vectors to execute...
openSUSE Security Update : nagios-nrpe (openSUSE-SU-2013:0621-1)
NRPE the Nagios Remote Plug-In Executor allows the passing of $ to plugins/scripts which, if run under bash, will execute that shell command under a subprocess and pass the output as a parameter to the called script. Using this, it is possible to get called scripts, such as checkhttp, to execute...
SuSE 11.2 / 11.3 Security Update : nagios-nrpe, nagios-plugins-nrpe (SAT Patch Numbers 8032 / 8033)
Nagios NRPE was updated to add more blacklisting to avoid shell injection via nagios request packets. CVE-2013-1362 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from SuSE 11 update information. The text itself is...
Fedora 18 : nrpe-2.14-3.fc18 (2013-9848)
Update to 2.14 upstream for security fix and misc other bugfixes. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing...
Fedora 19 : nrpe-2.14-3.fc19 (2013-9829)
Update to 2.14 upstream to fix security issue. Misc other bugfixes. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing...
Fedora 17 : nrpe-2.14-3.fc17 (2013-9836)
Update to 2.14 upstream for security fix and misc other bugfixes. Fixes a mistake in the service file which prevented the NRPE daemon from being started Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempt...
CVE-2013-1362
Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plug-In Executor NRPE before 2.14 might allow remote attackers to execute arbitrary shell commands via "$" shell metacharacters, which are processed by bash...
DEBIAN-CVE-2013-1362
Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plug-In Executor NRPE before 2.14 might allow remote attackers to execute arbitrary shell commands via "$" shell metacharacters, which are processed by bash...
CVE-2013-1362
Nrpe (Nagios NRPE) is affected by CVE-2013-1362 due to an incomplete blacklist in nrpc.c, enabling remote arbitrary command execution via $() metacharacters. Arch Linux ASA-201801-14 specifies the fix: upgrade nrpe to 3.2.1-3 (for NRPE >= 3.2.1-3) and notes a workaround: disable the dont_blame...
CVE-2013-1362
Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plug-In Executor NRPE before 2.14 might allow remote attackers to execute arbitrary shell commands via "$" shell metacharacters, which are processed by bash...
Nagios Remote Plugin Executor Arbitrary Command Execution (CVE-2013-1362)
A command execution vulnerability has been reported in Nagios Remote Plugin Executor...
Fedora Update for nrpe FEDORA-2013-9836
Check for the Version of nrpe OpenVAS Vulnerability Test Fedora Update for nrpe FEDORA-2013-9836 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of...
Fedora Update for nrpe FEDORA-2013-9836
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Update for nrpe FEDORA-2013-9848
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scripttagname:"affected", value:"nrp...
Nagios Remote Plugin Executor Metacharacter Filtering Omission
Added: 05/13/2013 CVE: CVE-2013-1362 BID: 58142 OSVDB: 90582 Background Nagios is a network host and service monitoring and management system. Nagios Remote Plugin Executor NRPE is an addon for Nagios that allows remote execution of Nagios plugins on other Linux/Unix machines. Problem Nagios Remo...
CVE-2013-1362
creationtimestamp| type| source ---|---|--- 2013-04-12 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/24955 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/misc/nagiosnrpearguments.rb 2025-02-06 03:13:41+00:00| see...
Nagios Remote Plugin Executor Arbitrary Command Execution
The Nagios Remote Plugin Executor NRPE is installed to allow a central Nagios server to actively poll information from the hosts it monitors. NRPE has a configuration option dontblamenrpe which enables command-line arguments to be provided remote plugins. When this option is enabled, even when NR...
Nagios Remote Plugin Executor - Arbitrary Command Execution (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'zlib' class Metasploit3 'Nagios Remote Plugin...