Bug#745272: [Pkg-nagios-devel] Bug#745272: Bug#745272: NRPE - Nagios Remote Plugin Executor <= 2.15 Remote CommandExecution, POC released

On Sun, 20 Apr 2014, Markus Manzke wrote: > > > hi alex > > >There is a good reason we don't recommend using arguments... > > > >Alex > > yes, i know; thats why a similar bug is unfixed in squeeze > for a year or so now, although reported just a followup: http://seclists.org/oss-sec/2014/q2/1

Bug#745272: [Pkg-nagios-devel] Bug#745272: NRPE - Nagios Remote Plugin Executor <= 2.15 Remote CommandExecution, POC released

hi alex There is a good reason we don't recommend using arguments... Alex yes, i know; thats why a similar bug is unfixed in squeeze for a year or so now, although reported regards, markus -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubsc

Bug#745272: [Pkg-nagios-devel] Bug#745272: NRPE - Nagios Remote Plugin Executor <= 2.15 Remote CommandExecution, POC released

On Sun, 20 Apr 2014, Markus Manzke wrote: > Package: nagios-nrpe-server > Severity: critical > Tags: security > > NRPE fails to check input when a newline-character is issued > > POC has been released and works on debian 7, no CVE assigned yet > > http://seclists.org/fulldisclosure/2014/Apr/240

Bug#745272: NRPE - Nagios Remote Plugin Executor <= 2.15 Remote CommandExecution, POC released

Package: nagios-nrpe-server Severity: critical Tags: security NRPE fails to check input when a newline-character is issued POC has been released and works on debian 7, no CVE assigned yet http://seclists.org/fulldisclosure/2014/Apr/240 http://seclists.org/oss-sec/2014/q2/136 -- System Informa