Bug 916947 - (CVE-2013-1362) CVE-2013-1362 Nagios NRPE: nagios metacharacter filtering omission
CVE-2013-1362 Nagios NRPE: nagios metacharacter filtering omission
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
high Severity high
: ---
: ---
Assigned To: Red Hat Product Security
impact=important,public=20130221,repo...
: Security
Depends On: 916949 916950 918302 994768 994770 994771
Blocks: 958515
  Show dependency treegraph
 
Reported: 2013-03-01 04:57 EST by Kurt Seifried
Modified: 2016-04-26 17:53 EDT (History)
13 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-03-06 21:19:11 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Kurt Seifried 2013-03-01 04:57:49 EST
Rudolph Pereira (rudolph.pereira@occamsec.com) reports:

Summary:
---------------
CVE-ID: CVE-2013-1362
CVSS: Base Score 7.5
CVSS2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:UC/CDP:N/TD:N/CR:L/IR:L/AR:L
Vendor: Nagios
Affected Products: NRPE
Affected Platforms: All
Affected versions: < 2.14
Remote Exploitable: Yes
Local Exploitable: No
Patch Status Vendor released a patch (See Solution)
URL: http://www.occamsec.com/vulnerabilities.html#nagios_metacharacter_vulnerability

Description
----------------
nrpe 2.13 has, in src/nrpc.c, line 52:

#define NASTY_METACHARS         "|`&><'\"\\[]{};"

This allows the passing of $() to plugins/scripts which, if run under
bash, will execute that shell command under a subprocess and pass the
output as a parameter to the called script. Using this, it is possible
to get called scripts, such as check_http, to execute arbitrary
commands under the uid that NRPE/nagios is running as (typically,
'nagios').

Solution
------------
Upgrade to NRPE 2.14 or later, available at
http://sourceforge.net/projects/nagios/files/nrpe-2.x/

External References:

http://seclists.org/bugtraq/2013/Feb/119
http://www.occamsec.com/vulnerabilities.html#nagios_metacharacter_vulnerability
Comment 1 Kurt Seifried 2013-03-01 04:59:11 EST
Created nrpe tracking bugs for this issue

Affects: fedora-all [bug 916949]
Comment 2 Kurt Seifried 2013-03-01 04:59:49 EST
Created nrpe tracking bugs for this issue

Affects: epel-all [bug 916950]
Comment 4 Fedora Update System 2013-06-08 23:31:21 EDT
nrpe-2.14-3.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 5 Fedora Update System 2013-06-11 04:59:09 EDT
nrpe-2.14-3.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 6 Fedora Update System 2013-06-11 05:08:46 EDT
nrpe-2.14-3.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 7 Fedora Update System 2013-06-16 14:33:08 EDT
nrpe-2.14-3.el6 has been pushed to the Fedora EPEL 6 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 8 Fedora Update System 2013-06-16 14:34:49 EDT
nrpe-2.14-3.el5 has been pushed to the Fedora EPEL 5 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.