Bug 916947 (CVE-2013-1362) - CVE-2013-1362 Nagios NRPE: nagios metacharacter filtering omission
Summary: CVE-2013-1362 Nagios NRPE: nagios metacharacter filtering omission
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2013-1362
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=important,public=20130221,repo...
Depends On: 916949 916950 918302 994768 994770 994771
Blocks: 958515
TreeView+ depends on / blocked
 
Reported: 2013-03-01 09:57 UTC by Kurt Seifried
Modified: 2019-06-08 19:27 UTC (History)
13 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-03-07 02:19:11 UTC


Attachments (Terms of Use)

Description Kurt Seifried 2013-03-01 09:57:49 UTC
Rudolph Pereira (rudolph.pereira@occamsec.com) reports:

Summary:
---------------
CVE-ID: CVE-2013-1362
CVSS: Base Score 7.5
CVSS2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:UC/CDP:N/TD:N/CR:L/IR:L/AR:L
Vendor: Nagios
Affected Products: NRPE
Affected Platforms: All
Affected versions: < 2.14
Remote Exploitable: Yes
Local Exploitable: No
Patch Status Vendor released a patch (See Solution)
URL: http://www.occamsec.com/vulnerabilities.html#nagios_metacharacter_vulnerability

Description
----------------
nrpe 2.13 has, in src/nrpc.c, line 52:

#define NASTY_METACHARS         "|`&><'\"\\[]{};"

This allows the passing of $() to plugins/scripts which, if run under
bash, will execute that shell command under a subprocess and pass the
output as a parameter to the called script. Using this, it is possible
to get called scripts, such as check_http, to execute arbitrary
commands under the uid that NRPE/nagios is running as (typically,
'nagios').

Solution
------------
Upgrade to NRPE 2.14 or later, available at
http://sourceforge.net/projects/nagios/files/nrpe-2.x/

External References:

http://seclists.org/bugtraq/2013/Feb/119
http://www.occamsec.com/vulnerabilities.html#nagios_metacharacter_vulnerability

Comment 1 Kurt Seifried 2013-03-01 09:59:11 UTC
Created nrpe tracking bugs for this issue

Affects: fedora-all [bug 916949]

Comment 2 Kurt Seifried 2013-03-01 09:59:49 UTC
Created nrpe tracking bugs for this issue

Affects: epel-all [bug 916950]

Comment 4 Fedora Update System 2013-06-09 03:31:21 UTC
nrpe-2.14-3.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 5 Fedora Update System 2013-06-11 08:59:09 UTC
nrpe-2.14-3.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 6 Fedora Update System 2013-06-11 09:08:46 UTC
nrpe-2.14-3.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 7 Fedora Update System 2013-06-16 18:33:08 UTC
nrpe-2.14-3.el6 has been pushed to the Fedora EPEL 6 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 8 Fedora Update System 2013-06-16 18:34:49 UTC
nrpe-2.14-3.el5 has been pushed to the Fedora EPEL 5 stable repository.  If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.