CVE-2013-1362

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2013-1362 at MITRE

Description

Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plug-In Executor (NRPE) before 2.14 might allow remote attackers to execute arbitrary shell commands via "$()" shell metacharacters, which are processed by bash.
CVSS v2 Scores
  National Vulnerability Database
Base Score 7.48
Vector AV:N/AC:L/Au:N/C:P/I:P/A:P
Access Vector Network
Access Complexity Low
Authentication None
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact Partial

SUSE information

SUSE Bugzilla entry: 807241 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Server 11 SP2
  • nagios-nrpe >= 2.12-24.4.8.1
  • nagios-nrpe-doc >= 2.12-24.4.8.1
  • nagios-plugins-nrpe >= 2.12-24.4.8.1
Patchnames:
slessp2-nagios-nrpe
SUSE Linux Enterprise Server 11 SP3
  • nagios-nrpe >= 2.12-24.4.8.1
  • nagios-nrpe-doc >= 2.12-24.4.8.1
  • nagios-plugins-nrpe >= 2.12-24.4.8.1
Patchnames:
slessp3-nagios-nrpe
SUSE Linux Enterprise Server for VMWare 11 SP2
  • nagios-nrpe >= 2.12-24.4.8.1
  • nagios-nrpe-doc >= 2.12-24.4.8.1
  • nagios-plugins-nrpe >= 2.12-24.4.8.1
Patchnames:
slessp2-nagios-nrpe
SUSE Linux Enterprise Server for VMWare 11 SP3
  • nagios-nrpe >= 2.12-24.4.8.1
  • nagios-nrpe-doc >= 2.12-24.4.8.1
  • nagios-plugins-nrpe >= 2.12-24.4.8.1
Patchnames:
slessp3-nagios-nrpe
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Server 11 SP3 for VMware
  • nagios-nrpe >= 2.12-24.4.8.1
  • nagios-nrpe-doc >= 2.12-24.4.8.1
  • nagios-plugins-nrpe >= 2.12-24.4.8.1
Builds
SAT Patch Nr: 8033
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise Server 11 SP2 for VMware
  • nagios-nrpe >= 2.12-24.4.8.1
  • nagios-nrpe-doc >= 2.12-24.4.8.1
  • nagios-plugins-nrpe >= 2.12-24.4.8.1
Builds
SAT Patch Nr: 8032
openSUSE Evergreen 11.4
  • nagios-nrpe >= 2.12-25.2
  • nagios-nrpe-debuginfo >= 2.12-25.2
  • nagios-nrpe-debugsource >= 2.12-25.2
  • nagios-nrpe-doc >= 2.12-25.2
  • nagios-plugins-nrpe >= 2.12-25.2
  • nagios-plugins-nrpe-debuginfo >= 2.12-25.2
Patchnames:
2013-55