oss-sec mailing list archives

Re: CVE Request: Nagios Remote Plugin Executor <= 2.15 Remote Command Execution


From: cve-assign () mitre org
Date: Tue, 22 Apr 2014 00:11:55 -0400 (EDT)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

http://seclists.org/fulldisclosure/2014/Apr/240

src/nrpe.c

Despite these checks the code is vulnerable to command injection as bash shell allows
for multiple command execution if commands are separated by a new line.

Use CVE-2014-2913.


From: gremlin () gremlin ru
Date: Fri, 18 Apr 2014 10:16:14 +0400
Message-ID: <20140418061614.GA16766 () gremlin ru>

Adding \r here may be a good idea as well...

We have not seen additional comments about whether \r would prevent an
alternate attack approach. If it does, a separate CVE ID would be
assigned. We do not know of a version of Bash in which \r separates
commands in the same way that \n does. For example:

  % /bin/bash -c "`echo -e "echo a\x0aecho b"`" | cat -v
  a
  b
  % /bin/bash -c "`echo -e "echo a\x0decho b"`" | cat -v
  a^Mecho b

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

-----END PGP SIGNATURE-----
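
An added example, not part of the message above and not code from src/nrpe.c: a punctuation-only argument check next to a hardened one that also rejects control bytes, so both the \n case from the advisory and the \r case raised in the thread are refused. The deny-list contents and the function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed punctuation deny-list for illustration; not copied from src/nrpe.c. */
#define SHELL_PUNCT "|`&><'\"\\[]{};"

/* Weak check: punctuation only, so an embedded "\n" is accepted and
 * would reach the shell as a command separator. */
int arg_ok_weak(const char *arg)
{
    return strpbrk(arg, SHELL_PUNCT) == NULL;
}

/* Hardened check: the same deny-list, plus every ASCII control byte
 * (0x00-0x1f, which covers \n, \r and tab) and DEL (0x7f). */
int arg_ok_hardened(const char *arg)
{
    const unsigned char *p;

    if (strpbrk(arg, SHELL_PUNCT) != NULL)
        return 0;
    for (p = (const unsigned char *)arg; *p != '\0'; p++) {
        if (*p < 0x20 || *p == 0x7f)
            return 0;
    }
    return 1;
}

int main(void)
{
    /* Constructed sample arguments. */
    const char *samples[] = { "ok-arg", "a;b", "a\necho b", "a\recho b" };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("sample %zu: weak=%d hardened=%d\n", i,
               arg_ok_weak(samples[i]), arg_ok_hardened(samples[i]));
    return 0;
}
```

Rejecting the whole control range rather than listing \n and \r individually means the check does not depend on which bytes a given shell treats as separators.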

