Candidate: CVE-2020-6581
PublicDate: 2020-03-16 18:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6581
 https://herolab.usd.de/security-advisories/
 https://herolab.usd.de/security-advisories/usd-2020-0002/
Description:
 Nagios NRPE 3.2.1 has Insufficient Filtering because, for example,
 nasty_metachars interprets \n as the character \ and the character n (not
 as the \n newline sequence). This can cause command injection.
Ubuntu-Description:
Notes:
 leosilva> fix in the commit link are the part for proper
 leosilva> processing of nasty_metachars
Mitigation:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H [7.3 HIGH]


Patches_nagios-nrpe:
 upstream: https://github.com/NagiosEnterprises/nrpe/commit/0db345444d0dcb3e37cca1bcbb0027dcbb764197
upstream_nagios-nrpe: released (4.0.0-1)
precise/esm_nagios-nrpe: DNE
trusty_nagios-nrpe: ignored (out of standard support)
trusty/esm_nagios-nrpe: DNE
xenial_nagios-nrpe: not-affected (code not present)
esm-infra/xenial_nagios-nrpe: not-affected (code not present)
bionic_nagios-nrpe: needed
eoan_nagios-nrpe: ignored (reached end-of-life)
focal_nagios-nrpe: not-affected (4.0.0-2ubuntu1)
groovy_nagios-nrpe: not-affected (4.0.0-2ubuntu1)
hirsute_nagios-nrpe: not-affected (4.0.0-2ubuntu1)
impish_nagios-nrpe: not-affected (4.0.0-2ubuntu1)
jammy_nagios-nrpe: not-affected (4.0.0-2ubuntu1)
devel_nagios-nrpe: not-affected (4.0.0-2ubuntu1)