oss-sec mailing list archives

Re: CVE Request: Nagios Remote Plugin Executor <= 2.15 Remote Command Execution


From: gremlin () gremlin ru
Date: Fri, 18 Apr 2014 10:16:14 +0400

On 18-Apr-2014 10:14:16 +0800, Eduardo Tongson wrote:

Details: http://seclists.org/fulldisclosure/2014/Apr/240
Fix:

--- nrpe/src/nrpe.c
+++ nrpe/src/nrpe.c
-#define NASTY_METACHARS         "|`&><'\"\\[]{};"
+#define NASTY_METACHARS         "|`&><'\"\\[]{};\n"
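
Review bot: The new NASTY_METACHARS value on the `+` line rejects "\n" but still lets a carriage return through, and the set stays a denylist that has to be amended each time another separator turns up. Add "\r" in the same change, and put a short comment above the define saying why line terminators are listed, so a later cleanup does not drop them. The hunk also has no `@@` header or context lines, so it cannot be applied with patch as posted; a regenerated unified diff would let reviewers confirm where the macro is defined and that this is its only definition.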

Adding \r here may be a good idea as well...


-- 
Alexey V. Vissarionov aka Gremlin from Kremlin <gremlin AT gremlin DOT ru>
GPG: 8832FE9FA791F7968AC96E4E909DAC45EF3B1FA8 @ hkp://keys.gnupg.net
