You are here

CVE-2013-1362

Vincent (CVE) Danen's picture
Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plug-In Executor (NRPE) before 2.14 might allow remote attackers to execute arbitrary shell commands via "$()" shell metacharacters, which are processed by bash.

Details Source

Mitre

Public Date

2013-02-21 00:00:00

Impact

Important

Bugzilla

CVE-2013-1362 Nagios NRPE: nagios metacharacter filtering omission

Bugzilla ID

916 947

CVSS Status

draft

Base Score

7.50

Base Metrics

AV:N/AC:L/Au:N/C:P/I:P/A:P

External References

http://seclists.org/bugtraq/2013/Feb/119
http://www.occamsec.com/vulnerabilities.html#nagios_metacharacter_vulnerability

CWE

CWE-78

Affected Packages State

Platform Package State
Red Hat OpenStack Platform 2.1 nrpe Affected
Red Hat Enterprise Linux OpenStack Platform 4.0 nrpe Affected
Red Hat Enterprise Linux OpenStack Platform 3.0 nrpe Affected