QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2014-2913

Back to search

CVE-2014-2913

Published: May 7, 2014

Modified: Aug 6, 2024

PUBLISHED

Description

Incomplete blacklist vulnerability in nrpe.c in Nagios Remote Plugin Executor (NRPE) 2.15 and earlier allows remote attackers to execute arbitrary commands via a newline character in the -a option to libexec/check_nrpe. NOTE: this issue is disputed by multiple parties. It has been reported that the vendor allows newlines as "expected behavior." Also, this issue can only occur when the administrator enables the "dont_blame_nrpe" option in nrpe.conf despite the "HIGH security risk" warning within the comments

VendorProductVersions

n/a

n/a

affected
n/a

References

openSUSE-SU-2014:0603
vendor-advisory
x_refsource_SUSE
66969
vdb-entry
x_refsource_BID
FEDORA-2015-15398
vendor-advisory
x_refsource_FEDORA
openSUSE-SU-2014:0594
vendor-advisory
x_refsource_SUSE
SUSE-SU-2014:0682
vendor-advisory
x_refsource_SUSE

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now