Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Maintenance:1423
patchinfo
_patchinfo
Overview
Details
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo
<patchinfo incident="nagios-nrpe"> <packager>lrupp</packager> <issue tracker="cve" id="CVE-2013-1362"></issue> <issue tracker="bnc" id="807241">VUL-0: CVE-2013-1362: nagios / nrpe: blacklist test fails to properly match all potential metacharacters</issue> <category>security</category> <rating>important</rating> <summary>NRPE metacharacter filtering omission</summary> <description>NRPE (the Nagios Remote Plug-In Executor) allows the passing of $() to plugins/scripts which, if run under bash, will execute that shell command under a subprocess and pass the output as a parameter to the called script. Using this, it is possible to get called scripts, such as check_http, to execute arbitrary commands under the uid that NRPE/nagios is running as (typically, 'nagios'). With this update NRPE will deny remote requests containing a bash command substitution.</description> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor