CVE 2013-1362
Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plug-In Executor (NRPE) before 2.14 might allow remote attackers to execute arbitrary shell commands via "$()" shell metacharacters, which are processed by bash.
Related bugs and status
CVE-2013-1362 (Candidate) is related to these bugs:
Bug #1153638: nrpe allows the passing of $() as command arguments to execute shell commands
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1153638 | nrpe allows the passing of $() as command arguments to execute shell commands | nagios-nrpe (Ubuntu) | Low | Fix Released | ||
| 1153638 | nrpe allows the passing of $() as command arguments to execute shell commands | nagios-nrpe (Ubuntu Lucid) | Low | Won't Fix | ||
| 1153638 | nrpe allows the passing of $() as command arguments to execute shell commands | nagios-nrpe (Ubuntu Oneiric) | Low | Won't Fix | ||
| 1153638 | nrpe allows the passing of $() as command arguments to execute shell commands | nagios-nrpe (Ubuntu Precise) | Low | Won't Fix | ||
| 1153638 | nrpe allows the passing of $() as command arguments to execute shell commands | nagios-nrpe (Ubuntu Raring) | Low | Won't Fix | ||
| 1153638 | nrpe allows the passing of $() as command arguments to execute shell commands | nagios-nrpe (Ubuntu Quantal) | Low | Won't Fix | ||
| 1153638 | nrpe allows the passing of $() as command arguments to execute shell commands | nagios-nrpe (Debian) | Unknown | Fix Released | ||
Bug #1348142: Please merge nagios-nrpe 2.15-1 (main) from Debian unstable (main)
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1348142 | Please merge nagios-nrpe 2.15-1 (main) from Debian unstable (main) | nagios-nrpe (Ubuntu) | Undecided | Fix Released | ||
Bug #1555258: Request contained command arguments
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1555258 | Request contained command arguments | nagios-nrpe (Ubuntu) | Medium | Fix Released | ||
| 1555258 | Request contained command arguments | nagios-nrpe (Debian) | Unknown | Fix Released | ||
| 1555258 | Request contained command arguments | nagios-nrpe (Ubuntu Yakkety) | Medium | Fix Released | ||
| 1555258 | Request contained command arguments | nagios-nrpe (Ubuntu Artful) | Medium | Fix Released | ||
| 1555258 | Request contained command arguments | nagios-nrpe (Ubuntu Xenial) | Medium | Fix Released | ||
| 1555258 | Request contained command arguments | nagios-nrpe (Ubuntu Zesty) | Medium | Fix Released | ||
See the 
CVE page on Mitre.org
for more details.
