oss-sec mailing list archives
Re: CVE Request: Nagios Remote Plugin Executor <= 2.15 Remote Command Execution
From: cve-assign () mitre org
Date: Tue, 22 Apr 2014 00:11:55 -0400 (EDT)
http://seclists.org/fulldisclosure/2014/Apr/240
src/nrpe.c
Despite these checks the code is vulnerable to command injection, as the bash shell allows for multiple command execution if commands are separated by a newline.
Use CVE-2014-2913.
From: gremlin () gremlin ru
Date: Fri, 18 Apr 2014 10:16:14 +0400
Message-ID: <20140418061614.GA16766 () gremlin ru>
Adding \r here may be a good idea as well...
We have not seen additional comments about whether \r would prevent an alternate attack approach. If it does, a separate CVE ID would be assigned. We do not know of a version of Bash in which \r separates commands in the same way that \n does. For example:

  % /bin/bash -c "`echo -e "echo a\x0aecho b"`" | cat -v
  a
  b
  % /bin/bash -c "`echo -e "echo a\x0decho b"`" | cat -v
  a^Mecho b

--
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
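An added example, not code from NRPE or from anyone in this thread, showing the defensive point behind the exchange above: a shell-metacharacter blocklist that omits the newline lets a two-command argument through, whereas a byte allowlist rejects every control byte and so never depends on which of them bash treats as a separator. The NASTY_METACHARS set below is constructed for illustration and is not the list from src/nrpe.c.

```c
/* Added example, not code from NRPE or from this thread.  Shows why a
 * metacharacter blocklist that omits '\n' lets a two-command argument
 * through, while a byte allowlist rejects it.  NASTY_METACHARS below is
 * constructed for illustration and is not the list from src/nrpe.c. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed blocklist of shell metacharacters.  '\n' and '\r' are
 * deliberately absent to model the gap the advisory describes. */
static const char NASTY_METACHARS[] = "|`&><'\"\\[]{}$;";

/* Blocklist check: 1 if the argument contains any blocked character. */
int contains_nasties(const char *arg)
{
    return strpbrk(arg, NASTY_METACHARS) != NULL;
}

/* Allowlist check: 1 only if every byte is alphanumeric or one of a
 * small set of punctuation that typical plugin arguments need.  Control
 * bytes such as '\n' and '\r' are rejected by construction, so whether
 * bash treats a given control byte as a separator never matters. */
int arg_is_allowed(const char *arg)
{
    static const char EXTRA_OK[] = " -_./:,=%@";
    const unsigned char *p;
    for (p = (const unsigned char *)arg; *p != '\0'; p++) {
        if (isalnum(*p) || strchr(EXTRA_OK, *p) != NULL)
            continue;
        return 0;
    }
    return 1;
}

int main(void)
{
    /* Constructed inputs: a benign plugin argument and the thread's
     * newline-separated pair of commands. */
    const char *benign = "-w 80 -c 90";
    const char *two_cmds = "echo a\necho b";
    printf("blocklist flags   benign=%d two_cmds=%d\n",
           contains_nasties(benign), contains_nasties(two_cmds));
    printf("allowlist accepts benign=%d two_cmds=%d\n",
           arg_is_allowed(benign), arg_is_allowed(two_cmds));
    return 0;
}
```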