Nome do pacote
nrpe
Data
2014-01-16
ID Alerta
MDVSA-2014:003
Versões afetadas
MES5 i586 , MES5 x86_64

Descrição do problema

A vulnerability has been discovered and corrected in nrpe:

Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plug-In
Executor (NRPE) before 2.14 might allow remote attackers to execute
arbitrary shell commands via $() shell metacharacters, which are
processed by bash (CVE-2013-1362).

The updated packages have been patched to correct this issue.

Pacotes atualizados

MES5 i586

 b1e7355f70355e6c51c111621ceaefa7  mes5/i586/nagios-check_nrpe-2.12-1.1mdvmes5.2.i586.rpm
 a6658a6a374b751c365327037734dcb7  mes5/i586/nrpe-2.12-1.1mdvmes5.2.i586.rpm 
 bb61f280adb5b90ce6e179a73b877909  mes5/SRPMS/nrpe-2.12-1.1mdvmes5.2.src.rpm

MES5 x86_64

 50e5dde4649ec6c065b157f42907561c  mes5/x86_64/nagios-check_nrpe-2.12-1.1mdvmes5.2.x86_64.rpm
 1b54bdc2edd2323af66b952d12b6eaeb  mes5/x86_64/nrpe-2.12-1.1mdvmes5.2.x86_64.rpm 
 bb61f280adb5b90ce6e179a73b877909  mes5/SRPMS/nrpe-2.12-1.1mdvmes5.2.src.rpm

Referências