When /usr/lib64/nagios/plugins/check_nrpe is run with an argument, if nrpe.cfg contains "dont_blame_nrpe=0", the request should fail and following two messages should be logged:
Error: Request contained command arguments, but argument option is not enabled!
Client request from was invalid, bailing out...
These messages are not being logged because when code was added to nrpe.c to handle V3 records, someone neglected to change the code that checks for arguments so it caters for a V2 record and also a V3 record. The code was not updated and only checks for a V2 record. When a V3 record is received by nrpe, the code checks for arguments in a area containing a V2 record! It should check in an area containing the received V3 record.
As a result, it is possible to run a check passing arguments with "dont_blame_nrpe=0".
This is a security bug that needs to be fixed asap.
Security bug introduced into nrpe.c when V3 code was added
Re: Security bug introduced into nrpe.c when V3 code was add
Can you open an issue for this on our GitHub page? https://github.com/NagiosEnterprises/nagioscore
That is the fastest way to get it in front of a developer. Please make sure to include any examples of this bug being triggered, so we can replicate it internally for testing.
That is the fastest way to get it in front of a developer. Please make sure to include any examples of this bug being triggered, so we can replicate it internally for testing.
Former Nagios employee