[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

openSUSE-SU-2013:0621-1 -- Suse NRPE

ID: oval:org.secpod.oval:def:400525Date: (C)2013-04-09   (M)2021-09-11
Class: PATCHFamily: unix




NRPE allows the passing of $ to plugins/scripts which, if run under bash, will execute that shell command under a subprocess and pass the output as a parameter to the called script. Using this, it is possible to get called scripts, such as check_http, to execute arbitrary commands under the uid that NRPE/nagios is running as . With this update NRPE will deny remote requests containing a bash command substitution.

Platform:
openSUSE 12.2
openSUSE 12.1
Product:
NRPE
Reference:
openSUSE-SU-2013:0621-1
CVE-2013-1362
CVE    1
CVE-2013-1362
CPE    2
cpe:/o:opensuse:opensuse:12.2
cpe:/o:opensuse:opensuse:12.1

© SecPod Technologies