npre vulnerability?
Posted: Thu May 02, 2013 3:31 pm
Hi,
I've just had a security vulnerablility forwarded to me and wanted to get some clarification on this.
Is it version 2.14 of Nagios they refer to or 2.14 of NRPE?
We are currently using check_nrpe (v 2.12) with NSClient++ (v 0.3.9) on Windows servers, other system info follows
System:
Nagios XI Version : 2012R1.6
LkennagiosP01 2.6.32-358.2.1.el6.x86_64 x86_64
CentOS release 6.4 (Final)
Gnome is not installed
If it is an issue do you have a fix for it?
================================================
>>ID: CVE-2013-1362
>>Title: Nagios Remote Plugin Executor Arbitrary Command Execution
>>Vendor: nagios.org
>>Description: A remote exploitation of an input validation error vulnerability in versions prior to 2.14 of Nagios, as included in various vendors' operating system distributions, could allow attackers to >>execute arbitrary commands on the targeted host.
>>CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
thanks,
Penny Karr
I've just had a security vulnerablility forwarded to me and wanted to get some clarification on this.
Is it version 2.14 of Nagios they refer to or 2.14 of NRPE?
We are currently using check_nrpe (v 2.12) with NSClient++ (v 0.3.9) on Windows servers, other system info follows
System:
Nagios XI Version : 2012R1.6
LkennagiosP01 2.6.32-358.2.1.el6.x86_64 x86_64
CentOS release 6.4 (Final)
Gnome is not installed
If it is an issue do you have a fix for it?
================================================
>>ID: CVE-2013-1362
>>Title: Nagios Remote Plugin Executor Arbitrary Command Execution
>>Vendor: nagios.org
>>Description: A remote exploitation of an input validation error vulnerability in versions prior to 2.14 of Nagios, as included in various vendors' operating system distributions, could allow attackers to >>execute arbitrary commands on the targeted host.
>>CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
thanks,
Penny Karr