CVE-2013-1362

CVE-2013-1362

Name

CVE-2013-1362

Description

Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plug-In Executor (NRPE) before 2.14 might allow remote attackers to execute arbitrary shell commands via "$()" shell metacharacters, which are processed by bash.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
SUSE	http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00006.html
CONFIRM	https://bugzilla.novell.com/show_bug.cgi?id=807241
SUSE	http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00005.html
MISC	http://www.occamsec.com/vulnerabilities.html#nagios_metacharacter_vulnerability
BUGTRAQ	http://seclists.org/bugtraq/2013/Feb/119
EXPLOIT-DB	http://www.exploit-db.com/exploits/24955

Type

URI

SUSE

http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00006.html

CONFIRM

https://bugzilla.novell.com/show_bug.cgi?id=807241

SUSE

http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00005.html

MISC

http://www.occamsec.com/vulnerabilities.html#nagios_metacharacter_vulnerability

BUGTRAQ

http://seclists.org/bugtraq/2013/Feb/119

EXPLOIT-DB

http://www.exploit-db.com/exploits/24955

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:o:opensuse:opensuse:12.1:::::::*`	opensuse	== None	== 12.1
`cpe:2.3:o:opensuse:opensuse:12.2:::::::*`	opensuse	== None	== 12.2
`cpe:2.3:o:opensuse:opensuse:11.4:::::::*`	opensuse	== None	== 11.4

CPE URI

Source package

Min version

Max version

cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*

opensuse

== None

== 12.1

cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*

opensuse

== None

== 12.2

cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*

opensuse

== None

== 11.4

References

Match rules

Vulnerable and fixed packages