APP: Nagios Remote Plugin Executor Command Injection
This signature detects attempts to exploit a known vulnerability against Nagios NRPE. A successful attack can lead to arbitrary command injection and execution.
Extended Description
Incomplete blacklist vulnerability in nrpe.c in Nagios Remote Plugin Executor (NRPE) 2.15 and earlier allows remote attackers to execute arbitrary commands via a newline character in the -a option to libexec/check_nrpe. NOTE: this issue is disputed by multiple parties. It has been reported that the vendor allows newlines as "expected behavior." Also, this issue can only occur when the administrator enables the "dont_blame_nrpe" option in nrpe.conf despite the "HIGH security risk" warning within the comments
Affected Products
Opensuse opensuse
Short Name
APP:MISC:NAGIOS-NRPE-CHKUSRS-CI
Severity
Major
Recommended
False
Recommended Action
Drop
Category
APP
Keywords
CVE-2014-2913 Command Executor Injection Nagios Plugin Remote bid:66969
Release Date
06/02/2014
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3650
Port
TCP/5666
False Positive
Unknown
Vendors
Opensuse
Nagios
CVSS Score
7.5