Home page logo

bugtraq logo Bugtraq mailing list archives

OSEC-2013-01: nagios metacharacter filtering omission
From: Rudolph Pereira <rudolph.pereira () occamsec com>
Date: Thu, 21 Feb 2013 15:42:24 -0500

CVE-ID: CVE-2013-1362
CVSS: Base Score 7.5
Vendor: Nagios
Affected Products: NRPE
Affected Platforms: All
Affected versions: < 2.14
Remote Exploitable: Yes
Local Exploitable: No
Patch Status Vendor released a patch (See Solution)
URL: http://www.occamsec.com/vulnerabilities.html#nagios_metacharacter_vulnerability

nrpe 2.13 has, in src/nrpc.c, line 52:

#define NASTY_METACHARS         "|`&><'\"\\[]{};"

This allows the passing of $() to plugins/scripts which, if run under
bash, will execute that shell command under a subprocess and pass the
output as a parameter to the called script. Using this, it is possible
to get called scripts, such as check_http, to execute arbitrary
commands under the uid that NRPE/nagios is running as (typically,

Upgrade to NRPE 2.14 or later, available at

  By Date           By Thread  

Current thread:
  • OSEC-2013-01: nagios metacharacter filtering omission Rudolph Pereira (Feb 22)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]