NVD

Id
31223  
Name
CVE-2014-2913  
Description
** DISPUTED ** Incomplete blacklist vulnerability in nrpe.c in Nagios Remote Plugin Executor (NRPE) 2.15 and earlier allows remote attackers to execute arbitrary commands via a newline character in the -a option to libexec/check_nrpe. NOTE: this issue is disputed by multiple parties. It has been reported that the vendor allows newlines as "expected behavior." Also, this issue can only occur when the administrator enables the "dont_blame_nrpe" option in nrpe.conf despite the "HIGH security risk" warning within the comments.  
Reject
 
CVSS Version
2  
CVSS Score
7.5  
Severity
High  
CVSS Base Score
7.5  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-19  
Published
2014-05-07  
Modified Date
2016-12-21  
Seq
2014-2913  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
163740 31223 CVE-2014-2913 FEDORA-2015-15398  View
163741 31223 CVE-2014-2913 SUSE-SU-2014:0682  View
163742 31223 CVE-2014-2913 openSUSE-SU-2014:0594  View
163743 31223 CVE-2014-2913 openSUSE-SU-2014:0603  View
163744 31223 CVE-2014-2913 20140417 NRPE - Nagios Remote Plugin Executor <= 2.15 Remote Command Execution  View
163745 31223 CVE-2014-2913 20140418 Re: NRPE - Nagios Remote Plugin Executor <= 2.15 Remote Command Execution  View
163746 31223 CVE-2014-2913 [oss-security] 20140422 Re: CVE Request: Nagios Remote Plugin Executor <= 2.15 Remote Command Execution  View
163747 31223 CVE-2014-2913 [oss-security] 20140422 Re: CVE Request: Nagios Remote Plugin Executor <= 2.15 Remote Command Execution  View
163748 31223 CVE-2014-2913 66969  View

Related JVN