NRPE 'nrpc.c' Arbitrary Command Execution Vulnerability
BID:58142
Info
NRPE 'nrpc.c' Arbitrary Command Execution Vulnerability
| Bugtraq ID: | 58142 |
| Class: | Input Validation Error |
| CVE: |
CVE-2013-1362 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 21 2013 12:00AM |
| Updated: | May 07 2015 05:17PM |
| Credit: | Rudolph Pereira |
| Vulnerable: |
SuSE SUSE Linux Enterprise Server 11 SP3 for VMware SuSE SUSE Linux Enterprise Server 11 SP3 SuSE SUSE Linux Enterprise Server 11 SP2 for VMware SuSE SUSE Linux Enterprise Server 11 SP2 S.u.S.E. openSUSE 12.2 S.u.S.E. openSUSE 12.1 S.u.S.E. openSUSE 11.4 Nagios NRPE 2.13 MandrakeSoft Enterprise Server 5 x86_64 MandrakeSoft Enterprise Server 5 Gentoo Linux |
| Not Vulnerable: |
Nagios NRPE 2.14 |
Discussion
NRPE 'nrpc.c' Arbitrary Command Execution Vulnerability
NRPE is prone to a remote arbitrary command-execution vulnerability because it fails to properly validate user-supplied input.
An attacker can exploit this issue to execute arbitrary commands within the context of the vulnerable application.
NRPE 2.13 is vulnerable; other versions may also be affected.
NRPE is prone to a remote arbitrary command-execution vulnerability because it fails to properly validate user-supplied input.
An attacker can exploit this issue to execute arbitrary commands within the context of the vulnerable application.
NRPE 2.13 is vulnerable; other versions may also be affected.
Exploit / POC
NRPE 'nrpc.c' Arbitrary Command Execution Vulnerability
Attackers can use a browser to exploit this issue.
The following exploit is available:
Attackers can use a browser to exploit this issue.
The following exploit is available:
Solution / Fix
NRPE 'nrpc.c' Arbitrary Command Execution Vulnerability
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
NRPE 'nrpc.c' Arbitrary Command Execution Vulnerability
References:
References: