Upstream information

CVE-2013-1362 at MITRE

Description

Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plug-In Executor (NRPE) before 2.14 might allow remote attackers to execute arbitrary shell commands via "$()" shell metacharacters, which are processed by bash.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having important severity.

CVSS v2 Scores
  National Vulnerability Database
  Base Score              7.5
  Vector                  AV:N/AC:L/Au:N/C:P/I:P/A:P
  Access Vector           Network
  Access Complexity       Low
  Authentication          None
  Confidentiality Impact  Partial
  Integrity Impact        Partial
  Availability Impact     Partial

SUSE Bugzilla entry: 807241 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Server 11 SP2
  • nagios-nrpe >= 2.12-24.4.8.1
  • nagios-nrpe-doc >= 2.12-24.4.8.1
  • nagios-plugins-nrpe >= 2.12-24.4.8.1
Patchnames:
slessp2-nagios-nrpe
SUSE Linux Enterprise Server 11 SP3
  • nagios-nrpe >= 2.12-24.4.8.1
  • nagios-nrpe-doc >= 2.12-24.4.8.1
  • nagios-plugins-nrpe >= 2.12-24.4.8.1
Patchnames:
slessp3-nagios-nrpe
SUSE Linux Enterprise Server 11 SP4
  • nagios-nrpe >= 2.12-24.4.10.1
  • nagios-nrpe-doc >= 2.12-24.4.10.1
  • nagios-plugins-nrpe >= 2.12-24.4.10.1
Patchnames:
SUSE Linux Enterprise Server 11 SP4 GA nagios-nrpe
SUSE Linux Enterprise Server for VMWare 11 SP2
  • nagios-nrpe >= 2.12-24.4.8.1
  • nagios-nrpe-doc >= 2.12-24.4.8.1
  • nagios-plugins-nrpe >= 2.12-24.4.8.1
Patchnames:
slessp2-nagios-nrpe
SUSE Linux Enterprise Server for VMWare 11 SP3
  • nagios-nrpe >= 2.12-24.4.8.1
  • nagios-nrpe-doc >= 2.12-24.4.8.1
  • nagios-plugins-nrpe >= 2.12-24.4.8.1
Patchnames:
slessp3-nagios-nrpe
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Server 11 SP3 for VMware
  • nagios-nrpe >= 2.12-24.4.8.1
  • nagios-nrpe-doc >= 2.12-24.4.8.1
  • nagios-plugins-nrpe >= 2.12-24.4.8.1
Builds
SAT Patch Nr: 8033
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise Server 11 SP2 for VMware
  • nagios-nrpe >= 2.12-24.4.8.1
  • nagios-nrpe-doc >= 2.12-24.4.8.1
  • nagios-plugins-nrpe >= 2.12-24.4.8.1
Builds
SAT Patch Nr: 8032


Status of this issue by product and package

Product(s)                                        Source package   State
SUSE Linux Enterprise Server 11 SP1               nagios-nrpe      Released
SUSE Linux Enterprise Server 11 SP1 LTSS          nagios-nrpe      Released
SUSE Linux Enterprise Server 11 SP2               nagios-nrpe      Released
SUSE Linux Enterprise Server 11 SP2 LTSS          nagios-nrpe      Released
SUSE Linux Enterprise Server 11 SP3               nagios-nrpe      Released
SUSE Linux Enterprise Server 11 SP3 LTSS          nagios-nrpe      Released
SUSE Linux Enterprise Server 11 SP4               nagios-nrpe      Released
SUSE Linux Enterprise Server for SAP 11 SP2       nagios-nrpe      Released
SUSE Linux Enterprise Server for SAP AIO 11 SP1   nagios-nrpe      Released
SUSE Linux Enterprise Server for SAP ES 11 SP1    nagios-nrpe      Released