oss-sec mailing list archives
Re: CVE Request: Nagios Remote Plugin Executor <= 2.15 Remote Command Execution
From: John Haxby <john.haxby () oracle com>
Date: Fri, 18 Apr 2014 09:03:17 +0100
On 18 Apr 2014, at 07:16, gremlin () gremlin ru wrote:
On 18-Apr-2014 10:14:16 +0800, Eduardo Tongson wrote:Details: http://seclists.org/fulldisclosure/2014/Apr/240 Fix:--- nrpe/src/nrpe.c +++ nrpe/src/nrpe.c -#define NASTY_METACHARS "|`&><'\"\\[]{};" +#define NASTY_METACHARS "|`&><'\"\\[]{};\n"Adding \r here may be a good idea as well...
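Review bot: The `+` line of the NASTY_METACHARS define still omits `$` and `\r`. The string lists the backtick, so backtick command substitution is caught, but the `$(...)` form is not, and `\n` is added without the carriage return. Suggest appending `\r` and `$` to the string in this same change, with a short comment above the define saying why each class of character is listed. A denylist like this has to name every character the shell treats specially, so an allowlist of permitted characters would be the more robust check.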
And ‘$’ you have ` but you don’t guard against $(do something unpleasant).
jch