Vigil@nce - Nagios: shell command execution via NRPE
May 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can request Nagios NRPE to execute a plugin with a
special parameter, in order to execute a shell command on the
server.
Impacted products: Nagios Open Source, openSUSE
Severity: 2/4
Creation date: 18/04/2014
DESCRIPTION OF THE VULNERABILITY
The Nagios NRPE (Nagios Remote Plugin Executor) service executes
plugins remotely.
The Bash shell interpreter supports the line feed as a separator
between commands.
The src/nrpe.c file filters special characters, before executing a
shell command. However, the ’\n’ character is not forbidden.
An attacker can therefore request Nagios NRPE to execute a plugin
with a special parameter, in order to execute a shell command on
the server.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Nagios-shell-command-execution-via-NRPE-14616