Re: [Nagios-devel] Addressing security vulnerabilities

Support forum for Nagios Core, Nagios Plugins, NCPA, NRPE, NSCA, NDOUtils and more. Engage with the community of users including those using the open source solutions.
Locked
Guest

Re: [Nagios-devel] Addressing security vulnerabilities

Post by Guest »

Yes, I have tested this - we were able to compromise a host at a
client using this.

I think use of execve() would be fine, though wasn't sure if the loss
of variable expansion would be acceptable.

On Wed, Nov 28, 2012 at 6:36 AM, Andreas Ericsson wrote:
> On 11/27/2012 05:11 PM, Rudolph Pereira wrote:
>> Hi all,
>>
>> I submitted http://tracker.nagios.org/view.php?id=400 a while ago and
>> have had little to no response on it, even though it is a serious
>> issue.
>>
>> I am looking for suggestions on how to deal with this; given the
>> seriousness of the issue and how many users it affects I believe a
>> security vulnerability notice should go out at the very least. Should
>> I be working with ocert or some other intermediary on this?
>>
>
> Have you tested this exploit? It might be blocked by how NRPE handles
> command line arguments.
>
> One very simple way around it would otherwise be to disallow relative
> paths to commands and use execve() to execute the checks. That way,
> the plugin will get '$(lalafoo)' as an argument rather than the output
> of that command.
>
> --
> Andreas Ericsson andreas.ericsson@op5.se
> OP5 AB www.op5.se
> Tel: +46 8-230225 Fax: +46 8-230231
>
> Considering the successes of the wars on alcohol, poverty, drugs and
> terror, I think we should give some serious thought to declaring war
> on peace.





This post was automatically imported from historical nagios-devel mailing list archives
Original poster: rudolph.pereira+nagios@occamsec.com
Locked