CVE-2013-1362

Priority
Description
Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plug-In
Executor (NRPE) before 2.14 might allow remote attackers to execute
arbitrary shell commands via "$()" shell metacharacters, which are
processed by bash.
Notes
jdstrand: This is a problem but requires 'dont_blame_nrpe' to be set in
/etc/nagios/nrpe.cfg. This is set to '0' in Ubuntu and there are significant
warnings in /etc/nagios/nrpe.cfg about the security risks of enabling
external command arguments.
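
Added example (not part of the tracker entry or of NRPE itself): a small audit of nrpe.cfg text that reports whether 'dont_blame_nrpe' is enabled and which command definitions take client-supplied $ARGn$ macros. The sample configuration is constructed, the function name is hypothetical, and 'include'/'include_dir' directives are not followed.

```python
import re

# Constructed sample configuration (not taken from any real host).
SAMPLE_NRPE_CFG = """\
# NRPE sample config (constructed for this example)
server_port=5666
dont_blame_nrpe=1
command[check_users]=/usr/lib/nagios/plugins/check_users -w 5 -c 10
command[check_disk]=/usr/lib/nagios/plugins/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$
  # command[check_old]=/bin/old $ARG1$
"""

ARG_MACRO = re.compile(r"\$ARG\d+\$")
COMMAND_KEY = re.compile(r"^command\[([^\]]+)\]$")
LEADING_INT = re.compile(r"[+-]?\d+")


def audit_nrpe_config(text):
    """Hypothetical helper: report argument handling in nrpe.cfg text."""
    args_enabled = False
    commands_with_args = {}
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blanks, comments and anything that is not key=value.
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key == "dont_blame_nrpe":
            # Assumption: the value is read as an integer and a later
            # assignment overrides an earlier one.
            number = LEADING_INT.match(value)
            args_enabled = bool(number) and int(number.group()) == 1
            continue
        match = COMMAND_KEY.match(key)
        if match:
            macros = sorted(set(ARG_MACRO.findall(value)))
            if macros:
                commands_with_args[match.group(1)] = macros
    return {
        "args_enabled": args_enabled,
        "commands_with_args": commands_with_args,
        # Client input reaches a command line only when both hold.
        "exposed": args_enabled and bool(commands_with_args),
    }


if __name__ == "__main__":
    print(audit_nrpe_config(SAMPLE_NRPE_CFG))
```
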
Package
Upstream: released (2.14)
Ubuntu 12.04 ESM (Precise Pangolin): DNE (precise was needed)
Ubuntu 14.04 ESM (Trusty Tahr): DNE (trusty was not-affected [2.15-0ubuntu1])
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (2.15-0ubuntu1)
More Information

Updated: 2019-12-05 21:02:57 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)