Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2013-1362
HistoryJul 09, 2013 - 12:00 a.m.

CVE-2013-1362

2013-07-0900:00:00
ubuntu.com
ubuntu.com
10

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.938 High

EPSS

Percentile

99.1%

JSON

Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plug-In
Executor (NRPE) before 2.14 might allow remote attackers to execute
arbitrary shell commands via “$()” shell metacharacters, which are
processed by bash.

Bugs

Notes

Author Note
jdstrand This is a problem but requires ‘dont_blame_nrpe’ to be set in /etc/nagios/nrpe.cfg. This is set to ‘0’ in Ubuntu and there are significant warnings in /etc/nagios/nrpe.cfg about the security risks of enabling external command arguments.

Related

cve 1
nessus 8
suse 3
openvas 11
fedora 3
saint 4
cvelist 1
zdt 1
packetstorm 2
prion 1
checkpoint_advisories 1
amazon 1
nvd 1
debiancve 1
archlinux 1
gentoo 1
securityvulns 1
cve
cve
CVE-2013-1362
2013-07-09 17:55:00
nessus
nessus
Fedora 17 : nrpe-2.14-3.fc17 (2013-9836)
2013-07-12 00:00:00
Amazon Linux AMI : nrpe (ALAS-2013-203)
2013-09-04 00:00:00
Fedora 19 : nrpe-2.14-3.fc19 (2013-9829)
2013-07-12 00:00:00
suse
suse
Security update for nagios-nrpe, nagios-plugins-nrpe (important)
2013-07-19 00:04:17
NRPE metacharacter filtering omission (important)
2013-04-04 18:04:33
NRPE metacharacter filtering omission (important)
2013-04-04 17:05:36
openvas
openvas
openSUSE: Security Advisory for NRPE (openSUSE-SU-2013:0624-1)
2013-11-19 00:00:00
Fedora Update for nrpe FEDORA-2013-9836
2013-06-13 00:00:00
SUSE: Security Advisory (SUSE-SU-2013:1219-1)
2021-06-09 00:00:00
fedora
fedora
[SECURITY] Fedora 17 Update: nrpe-2.14-3.fc17
2013-06-11 08:59:20
[SECURITY] Fedora 18 Update: nrpe-2.14-3.fc18
2013-06-11 09:08:57
[SECURITY] Fedora 19 Update: nrpe-2.14-3.fc19
2013-06-09 03:31:31
saint
saint
Nagios Remote Plugin Executor Metacharacter Filtering Omission
2013-05-13 00:00:00
Nagios Remote Plugin Executor Metacharacter Filtering Omission
2013-05-13 00:00:00
Nagios Remote Plugin Executor Metacharacter Filtering Omission
2013-05-13 00:00:00
cvelist
cvelist
CVE-2013-1362
2013-07-09 17:00:00
zdt
zdt
Nagios Remote Plugin Executor Arbitrary Command Execution
2013-04-12 00:00:00
packetstorm
packetstorm
Nagios NRPE 2.13 Code Execution
2013-02-22 00:00:00
Nagios Remote Plugin Executor Arbitrary Command Execution
2013-04-12 00:00:00
prion
prion
Input validation
2013-07-09 17:55:00
checkpoint_advisories
checkpoint_advisories
Nagios Remote Plugin Executor Arbitrary Command Execution (CVE-2013-1362)
2013-06-30 00:00:00
amazon
amazon
Important: nrpe
2013-06-20 14:14:00
nvd
nvd
CVE-2013-1362
2013-07-09 17:55:00
debiancve
debiancve
CVE-2013-1362
2013-07-09 17:55:00
archlinux
archlinux
[ASA-201801-14] nrpe: arbitrary command execution
2018-01-18 00:00:00
gentoo
gentoo
NRPE: Multiple Vulnerabilities
2014-08-30 00:00:00
securityvulns
securityvulns
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2013-02-24 00:00:00

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.938 High

EPSS

Percentile

99.1%

JSON
Related for UB:CVE-2013-1362
cve1nessus8suse3openvas11fedora3saint4cvelist1zdt1packetstorm2prion1checkpoint_advisories1amazon1nvd1debiancve1archlinux1gentoo1securityvulns1