2 matches found
Amazon Linux AMI : nrpe (ALAS-2014-364)
DISPUTED Incomplete blacklist vulnerability in nrpe.c in Nagios Remote Plugin Executor NRPE 2.15 and earlier allows remote attackers to execute arbitrary commands via a newline character in the -a option to libexec/checknrpe. NOTE: this issue is disputed by multiple parties. It has been reported...
CVE-2014-2913
CVE-2014-2913 affects Nagios NRPE = 3.2.1-3 or disabling the dont_blame_nrpe option as a workaround. Gentoo GLSA, Mageia MGASA, and various Fedora advisories reference CVE-2014-2913 and advocate upgrading NRPE.Remediation: upgrade NRPE to a non-vulnerable version (examples: Fedora/Mageia/Arch gui...