
oss-sec mailing list archives
Re: CVE Request: Nagios Remote Plugin Executor <= 2.15 Remote Command Execution
From: Reed Loden <reed () reedloden com>
Date: Fri, 18 Apr 2014 01:16:05 -0700
On Fri, 18 Apr 2014 09:03:17 +0100 John Haxby <john.haxby () oracle com> wrote:

> And ‘$’ you have ` but you don’t guard against $(do something unpleasant).
See the original advisory (http://seclists.org/fulldisclosure/2014/Apr/240), which calls bash command substitutions out as being handled already. Specifically:

""""
The code is also making sure that arguments do not contain bash command substitution i.e. $(ps aux)

    if(strstr(macro_argv[x],"$(")) {
        syslog(LOG_ERR,"Error: Request contained a bash command substitution!");
        return ERROR;
    }
""""

~reed
Current thread:
- CVE Request: Nagios Remote Plugin Executor <= 2.15 Remote Command Execution Eduardo Tongson (Apr 17)
- Re: CVE Request: Nagios Remote Plugin Executor <= 2.15 Remote Command Execution gremlin (Apr 17)
- Re: CVE Request: Nagios Remote Plugin Executor <= 2.15 Remote Command Execution John Haxby (Apr 18)
- Re: CVE Request: Nagios Remote Plugin Executor <= 2.15 Remote Command Execution Reed Loden (Apr 18)
- Re: CVE Request: Nagios Remote Plugin Executor <= 2.15 Remote Command Execution John Haxby (Apr 18)
- Re: CVE Request: Nagios Remote Plugin Executor <= 2.15 Remote Command Execution cve-assign (Apr 21)
- Re: CVE Request: Nagios Remote Plugin Executor <= 2.15 Remote Command Execution Eduardo Tongson (Apr 22)
- Re: CVE Request: Nagios Remote Plugin Executor <= 2.15 Remote Command Execution Martin Carpenter (Apr 21)
- Re: CVE Request: Nagios Remote Plugin Executor <= 2.15 Remote Command Execution gremlin (Apr 17)