Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

CVE ID:CVE-2014-2913
Description:** DISPUTED ** Incomplete blacklist vulnerability in nrpe.c in Nagios Remote Plugin Executor (NRPE) 2.15 and earlier allows remote attackers to execute arbitrary commands via a newline character in the -a option to libexec/check_nrpe. NOTE: this issue is disputed by multiple parties. It has been reported that the vendor allows newlines as "expected behavior." Also, this issue can only occur when the administrator enables the "dont_blame_nrpe" option in nrpe.conf despite the "HIGH security risk" warning within the comments.
Test IDs: 1.3.6.1.4.1.25623.1.0.868498   1.3.6.1.4.1.25623.1.0.868557   1.3.6.1.4.1.25623.1.0.120139   1.3.6.1.4.1.25623.1.0.850793   1.3.6.1.4.1.25623.1.1.4.2014.0682.1  
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2014-2913
BugTraq ID: 66969
http://www.securityfocus.com/bid/66969
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166528.html
http://seclists.org/fulldisclosure/2014/Apr/240
http://seclists.org/fulldisclosure/2014/Apr/242
http://seclists.org/oss-sec/2014/q2/154
http://seclists.org/oss-sec/2014/q2/155
SuSE Security Announcement: SUSE-SU-2014:0682 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00011.html
SuSE Security Announcement: openSUSE-SU-2014:0594 (Google Search)
http://lists.opensuse.org/opensuse-updates/2014-05/msg00005.html
SuSE Security Announcement: openSUSE-SU-2014:0603 (Google Search)
http://lists.opensuse.org/opensuse-updates/2014-05/msg00014.html




© 1998-2024 E-Soft Inc. All rights reserved.