Описание
Nagios NRPE 3.2.1 has Insufficient Filtering because, for example, nasty_metachars interprets \n as the character \ and the character n (not as the \n newline sequence). This can cause command injection.
A flaw was found in nrpe. A command injection is possible due to insufficient filtering. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Отчет
Nagios is considered deprecated. Nagios plugins and Nagios server are no longer maintained or supported. Refer following release notes for details: "https://access.redhat.com/documentation/en-us/red_hat_gluster_storage/3.5/html-single/3.5_release_notes/index". The older version of nrpe which was shipped with Red Hat Gluster Storage does not support v3 packet format.
Меры по смягчению последствий
Disable nasty_metachars and dont_blame_nrpe option inside the NRPE configuration file - /etc/nagios/nrpe.cfg
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Storage 3 | nrpe | Not affected |
Показывать по
Дополнительная информация
Статус:
7.3 High
CVSS3
Связанные уязвимости
Nagios NRPE 3.2.1 has Insufficient Filtering because, for example, nasty_metachars interprets \n as the character \ and the character n (not as the \n newline sequence). This can cause command injection.
Nagios NRPE 3.2.1 has Insufficient Filtering because, for example, nasty_metachars interprets \n as the character \ and the character n (not as the \n newline sequence). This can cause command injection.
Nagios NRPE 3.2.1 has Insufficient Filtering because, for example, nas ...
Nagios NRPE 3.2.1 has Insufficient Filtering because, for example, nasty_metachars interprets \n as the character \ and the character n (not as the \n newline sequence). This can cause command injection.
7.3 High
CVSS3