
Fix for NRPE <= 2.15 Remote Command Execution

Posted: Wed Jul 23, 2014 11:15 am
by poerschke
Hello,

I wrote a fix for the NRPE 2.13 that I use in my environment and would like to share with you the fix that I adopted here.
I think the fix can be extended to the other versions of NRPE without any problems.

Vulnerable code

Code:

...
     if(contains_nasty_metachars(pkt->buffer)==TRUE){
          syslog(LOG_ERR,"Error: Request contained illegal metachars!");
          return ERROR;
     }
...


Fixed code

Code:

const char newline[] = "\n";
...
/* test if buffer contains newline character */
int check_new_line(char *str){
     if(strpbrk(str, newline))
          return TRUE;
     return FALSE;
}
...
     if(contains_nasty_metachars(pkt->buffer)==TRUE || check_new_line(pkt->buffer) == TRUE){
          syslog(LOG_ERR,"Error: Request contained illegal metachars!");
          return ERROR;
     }
...
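
A stand-alone regression check for the fix above, added here as an example; it is not part of the original post and not NRPE's own code. The metacharacter list and the sample request strings are constructed assumptions standing in for what NRPE defines in its source; the point is that a buffer containing a newline passes the metacharacter test alone and is rejected only once check_new_line() is added.

```c
#include <stdio.h>
#include <string.h>

#define TRUE  1
#define FALSE 0

/* Assumed stand-in for NRPE's metacharacter list (the real one is in the
 * NRPE source). It contains no newline, which is the gap the post closes. */
static const char nasty_metachars[] = "|`&><'\"\\[]{};";
static const char newline[] = "\n";

/* Stand-in for NRPE's contains_nasty_metachars(). */
int contains_nasty_metachars(const char *str) {
    return strpbrk(str, nasty_metachars) ? TRUE : FALSE;
}

/* The additional check from the post: TRUE if the buffer holds a newline. */
int check_new_line(const char *str) {
    return strpbrk(str, newline) ? TRUE : FALSE;
}

/* Request filter as in the "vulnerable code" snippet. */
int accepted_before_fix(const char *buf) {
    return contains_nasty_metachars(buf) == FALSE;
}

/* Request filter as in the "fixed code" snippet. */
int accepted_after_fix(const char *buf) {
    return contains_nasty_metachars(buf) == FALSE &&
           check_new_line(buf) == FALSE;
}

int main(void) {
    /* Constructed sample request buffers, not captured traffic. */
    const char *samples[] = {
        "check_users!5!10",    /* plain arguments */
        "check_users!5;10",    /* listed metacharacter */
        "check_users!5\n10",   /* embedded newline */
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("sample %zu: before=%d after=%d\n", i,
               accepted_before_fix(samples[i]),
               accepted_after_fix(samples[i]));
    return 0;
}
```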