oss-sec mailing list archives
CVE Request: Nagios Remote Plugin Executor <= 2.15 Remote Command Execution
From: Eduardo Tongson <propolice () gmail com>
Date: Fri, 18 Apr 2014 10:14:16 +0800
Details: http://seclists.org/fulldisclosure/2014/Apr/240 This is similar to CVE-2013-1362 Is there a CVE already assigned for this issue? Fix: --- nrpe/src/nrpe.c +++ nrpe/src/nrpe.c @@ -42,7 +42,7 @@ int use_ssl=FALSE; #define DEFAULT_COMMAND_TIMEOUT 60 /* default timeout for execution of plugins */ #define MAXFD 64 -#define NASTY_METACHARS "|`&><'\"\\[]{};" +#define NASTY_METACHARS "|`&><'\"\\[]{};\n" char *command_name=NULL; char *macro_argv[MAX_COMMAND_ARGUMENTS];
Current thread:
- CVE Request: Nagios Remote Plugin Executor <= 2.15 Remote Command Execution Eduardo Tongson (Apr 17)
- Re: CVE Request: Nagios Remote Plugin Executor <= 2.15 Remote Command Execution gremlin (Apr 17)
- Re: CVE Request: Nagios Remote Plugin Executor <= 2.15 Remote Command Execution John Haxby (Apr 18)
- Re: CVE Request: Nagios Remote Plugin Executor <= 2.15 Remote Command Execution Reed Loden (Apr 18)
- Re: CVE Request: Nagios Remote Plugin Executor <= 2.15 Remote Command Execution John Haxby (Apr 18)
- Re: CVE Request: Nagios Remote Plugin Executor <= 2.15 Remote Command Execution cve-assign (Apr 21)
- Re: CVE Request: Nagios Remote Plugin Executor <= 2.15 Remote Command Execution Eduardo Tongson (Apr 22)
- Re: CVE Request: Nagios Remote Plugin Executor <= 2.15 Remote Command Execution Martin Carpenter (Apr 21)
- Re: CVE Request: Nagios Remote Plugin Executor <= 2.15 Remote Command Execution gremlin (Apr 17)