Vulnerabilites related to nagios - remote_plug_in_executor
Vulnerability from fkie_nvd
Published
2020-03-16 18:15
Modified
2024-11-21 05:36
Severity ?
Summary
Nagios NRPE 3.2.1 has a Heap-Based Buffer Overflow, as demonstrated by interpretation of a small negative number as a large positive number during a bzero call.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nagios | remote_plug_in_executor | 3.2.1 | |
| fedoraproject | fedora | 32 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nagios:remote_plug_in_executor:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D89DB3CC-94E1-4D32-B286-58BDF871C2D7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Nagios NRPE 3.2.1 has a Heap-Based Buffer Overflow, as demonstrated by interpretation of a small negative number as a large positive number during a bzero call."
},
{
"lang": "es",
"value": "Nagios NRPE versi\u00f3n 3.2.1, presenta un desbordamiento de b\u00fafer en la regi\u00f3n heap de la memoria, como es demostrado por la interpretaci\u00f3n de un n\u00famero negativo peque\u00f1o como un n\u00famero positivo grande durante una llamada bzero."
}
],
"id": "CVE-2020-6582",
"lastModified": "2024-11-21T05:36:00.413",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-03-16T18:15:12.947",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://herolab.usd.de/security-advisories/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://herolab.usd.de/security-advisories/usd-2020-0001/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DNGKXVDB43E3KQRA6W5QZT3Z46XZLQM/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://herolab.usd.de/security-advisories/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://herolab.usd.de/security-advisories/usd-2020-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DNGKXVDB43E3KQRA6W5QZT3Z46XZLQM/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-681"
},
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-07-09 17:55
Modified
2025-04-11 00:51
Severity ?
Summary
Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plug-In Executor (NRPE) before 2.14 might allow remote attackers to execute arbitrary shell commands via "$()" shell metacharacters, which are processed by bash.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EBB2C482-D2A4-48B3-ACE7-E1DFDCC409B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D806A17E-B8F9-466D-807D-3F1E77603DC8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nagios:remote_plug_in_executor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EFAD8A1B-04A8-482A-A86B-8DAA7B6E93C3",
"versionEndIncluding": "2.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:remote_plug_in_executor:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4A49AE0F-B664-4A47-ABB4-EF8B849EF1A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:remote_plug_in_executor:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1D6901E7-1686-4BFE-81C7-33E63E9671D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:remote_plug_in_executor:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3380B356-717F-4B4D-B9A0-7A20FA14CB18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:remote_plug_in_executor:1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "D8E1887C-0098-49BA-A461-09995A3260E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:remote_plug_in_executor:1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5E220D8A-411F-4BBA-892A-E511E1068E5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:remote_plug_in_executor:1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D77A4499-1449-4A1D-B016-FE67EE662909",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:remote_plug_in_executor:1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "CD520112-C11F-4212-A419-229B333D39F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:remote_plug_in_executor:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5DD7C160-B257-45D3-B472-C5F607EA5493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:remote_plug_in_executor:2.0b1:*:*:*:*:*:*:*",
"matchCriteriaId": "02A98194-74FE-4606-B234-5C427E3FD03A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:remote_plug_in_executor:2.0b2:*:*:*:*:*:*:*",
"matchCriteriaId": "1147964B-0818-4F40-9A32-F46F19292743",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:remote_plug_in_executor:2.0b3:*:*:*:*:*:*:*",
"matchCriteriaId": "2781F0BD-7710-4AD1-8CF8-B58D2AD17C1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:remote_plug_in_executor:2.0b4:*:*:*:*:*:*:*",
"matchCriteriaId": "9A0F0DED-A7F6-4696-85CE-B678457C9FED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:remote_plug_in_executor:2.0b5:*:*:*:*:*:*:*",
"matchCriteriaId": "B0CBD76E-B474-45CC-BD28-803C4131B424",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:remote_plug_in_executor:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AA4D7DC0-47EA-4921-BDF1-5261FAE86C19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:remote_plug_in_executor:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1EA79C6C-5F44-4858-9591-D166C48F9F01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:remote_plug_in_executor:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A97AC15B-21AC-4A83-9931-0B9B97C2E715",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:remote_plug_in_executor:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A88DA92D-1FCA-4147-BC6B-22C4D9BF87CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:remote_plug_in_executor:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A26564C3-2E09-456E-A9FE-C20D3AAA3002",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:remote_plug_in_executor:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1F06852C-1425-47B4-A9BE-008155DE678A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:remote_plug_in_executor:2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F41DA62F-10A9-4C46-B535-B919B5705F26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:remote_plug_in_executor:2.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1B271099-EFC2-49C5-AAA9-5A5C52966C4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:remote_plug_in_executor:2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "129CA7B1-B9D1-407E-A341-E933CB2F1B2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:remote_plug_in_executor:2.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "79C802E9-B5D0-42D7-8765-31A7620BFF13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:remote_plug_in_executor:2.8b1:*:*:*:*:*:*:*",
"matchCriteriaId": "A3634819-B7D0-475C-9343-3E9214542B68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:remote_plug_in_executor:2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "51DCCE7B-E396-48D3-9F43-BB726323554D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:remote_plug_in_executor:2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "3FE624CC-AB47-485A-9DBC-B0D4CDE99798",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:remote_plug_in_executor:2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "70D204AE-8704-4EA4-AD77-926E93D50020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:remote_plug_in_executor:2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "DDD1059D-A9BD-4E4B-BCA0-D317EE19EB3A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plug-In Executor (NRPE) before 2.14 might allow remote attackers to execute arbitrary shell commands via \"$()\" shell metacharacters, which are processed by bash."
},
{
"lang": "es",
"value": "Vulenrabilidad de lista negra incompleta en nrpc.c en Nagios Remote Plug-In Executor (NRPE) anteriroes a v2.14 podr\u00eda permitir a atacantes remotos ejecutar comandos del sistema a trav\u00e9s de los metacaracteres \"$()\" , que son procesados por bash."
}
],
"id": "CVE-2013-1362",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-07-09T17:55:00.890",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00005.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00006.html"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/bugtraq/2013/Feb/119"
},
{
"source": "cve@mitre.org",
"url": "http://www.exploit-db.com/exploits/24955"
},
{
"source": "cve@mitre.org",
"url": "http://www.occamsec.com/vulnerabilities.html#nagios_metacharacter_vulnerability"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=807241"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/bugtraq/2013/Feb/119"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.exploit-db.com/exploits/24955"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.occamsec.com/vulnerabilities.html#nagios_metacharacter_vulnerability"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=807241"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-03-16 18:15
Modified
2024-11-21 05:36
Severity ?
Summary
Nagios NRPE 3.2.1 has Insufficient Filtering because, for example, nasty_metachars interprets \n as the character \ and the character n (not as the \n newline sequence). This can cause command injection.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nagios | remote_plug_in_executor | 3.2.1 | |
| fedoraproject | fedora | 32 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nagios:remote_plug_in_executor:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D89DB3CC-94E1-4D32-B286-58BDF871C2D7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Nagios NRPE 3.2.1 has Insufficient Filtering because, for example, nasty_metachars interprets \\n as the character \\ and the character n (not as the \\n newline sequence). This can cause command injection."
},
{
"lang": "es",
"value": "Nagios NRPE versi\u00f3n 3.2.1, presenta un filtrado insuficiente porque, por ejemplo, la funci\u00f3n nasty_metachars interpreta \\n como el car\u00e1cter \\ y el car\u00e1cter n (no como la secuencia newline \\n). Esto puede causar una inyecci\u00f3n de comandos."
}
],
"id": "CVE-2020-6581",
"lastModified": "2024-11-21T05:36:00.273",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.7,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 1.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-03-16T18:15:12.867",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://herolab.usd.de/security-advisories/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://herolab.usd.de/security-advisories/usd-2020-0002/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DNGKXVDB43E3KQRA6W5QZT3Z46XZLQM/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://herolab.usd.de/security-advisories/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://herolab.usd.de/security-advisories/usd-2020-0002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DNGKXVDB43E3KQRA6W5QZT3Z46XZLQM/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2020-6582 (GCVE-0-2020-6582)
Vulnerability from cvelistv5
Published
2020-03-16 17:13
Modified
2024-08-04 09:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Nagios NRPE 3.2.1 has a Heap-Based Buffer Overflow, as demonstrated by interpretation of a small negative number as a large positive number during a bzero call.
References
| ▼ | URL | Tags |
|---|---|---|
| https://herolab.usd.de/security-advisories/ | x_refsource_MISC | |
| https://herolab.usd.de/security-advisories/usd-2020-0001/ | x_refsource_MISC | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DNGKXVDB43E3KQRA6W5QZT3Z46XZLQM/ | vendor-advisory, x_refsource_FEDORA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:11:04.340Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://herolab.usd.de/security-advisories/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://herolab.usd.de/security-advisories/usd-2020-0001/"
},
{
"name": "FEDORA-2020-d436ed655f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DNGKXVDB43E3KQRA6W5QZT3Z46XZLQM/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nagios NRPE 3.2.1 has a Heap-Based Buffer Overflow, as demonstrated by interpretation of a small negative number as a large positive number during a bzero call."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-25T04:06:14",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://herolab.usd.de/security-advisories/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://herolab.usd.de/security-advisories/usd-2020-0001/"
},
{
"name": "FEDORA-2020-d436ed655f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DNGKXVDB43E3KQRA6W5QZT3Z46XZLQM/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-6582",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Nagios NRPE 3.2.1 has a Heap-Based Buffer Overflow, as demonstrated by interpretation of a small negative number as a large positive number during a bzero call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://herolab.usd.de/security-advisories/",
"refsource": "MISC",
"url": "https://herolab.usd.de/security-advisories/"
},
{
"name": "https://herolab.usd.de/security-advisories/usd-2020-0001/",
"refsource": "MISC",
"url": "https://herolab.usd.de/security-advisories/usd-2020-0001/"
},
{
"name": "FEDORA-2020-d436ed655f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DNGKXVDB43E3KQRA6W5QZT3Z46XZLQM/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-6582",
"datePublished": "2020-03-16T17:13:56",
"dateReserved": "2020-01-08T00:00:00",
"dateUpdated": "2024-08-04T09:11:04.340Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-1362 (GCVE-0-2013-1362)
Vulnerability from cvelistv5
Published
2013-07-09 17:00
Modified
2024-08-06 14:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plug-In Executor (NRPE) before 2.14 might allow remote attackers to execute arbitrary shell commands via "$()" shell metacharacters, which are processed by bash.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.novell.com/show_bug.cgi?id=807241 | x_refsource_CONFIRM | |
| http://seclists.org/bugtraq/2013/Feb/119 | mailing-list, x_refsource_BUGTRAQ | |
| http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00006.html | vendor-advisory, x_refsource_SUSE | |
| http://www.exploit-db.com/exploits/24955 | exploit, x_refsource_EXPLOIT-DB | |
| http://www.occamsec.com/vulnerabilities.html#nagios_metacharacter_vulnerability | x_refsource_MISC | |
| http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00005.html | vendor-advisory, x_refsource_SUSE |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:57:05.125Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=807241"
},
{
"name": "20130221 OSEC-2013-01: nagios metacharacter filtering omission",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2013/Feb/119"
},
{
"name": "openSUSE-SU-2013:0624",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00006.html"
},
{
"name": "24955",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/24955"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.occamsec.com/vulnerabilities.html#nagios_metacharacter_vulnerability"
},
{
"name": "openSUSE-SU-2013:0621",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00005.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-02-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plug-In Executor (NRPE) before 2.14 might allow remote attackers to execute arbitrary shell commands via \"$()\" shell metacharacters, which are processed by bash."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-12-09T15:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=807241"
},
{
"name": "20130221 OSEC-2013-01: nagios metacharacter filtering omission",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2013/Feb/119"
},
{
"name": "openSUSE-SU-2013:0624",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00006.html"
},
{
"name": "24955",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/24955"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.occamsec.com/vulnerabilities.html#nagios_metacharacter_vulnerability"
},
{
"name": "openSUSE-SU-2013:0621",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00005.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-1362",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plug-In Executor (NRPE) before 2.14 might allow remote attackers to execute arbitrary shell commands via \"$()\" shell metacharacters, which are processed by bash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=807241",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=807241"
},
{
"name": "20130221 OSEC-2013-01: nagios metacharacter filtering omission",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2013/Feb/119"
},
{
"name": "openSUSE-SU-2013:0624",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00006.html"
},
{
"name": "24955",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/24955"
},
{
"name": "http://www.occamsec.com/vulnerabilities.html#nagios_metacharacter_vulnerability",
"refsource": "MISC",
"url": "http://www.occamsec.com/vulnerabilities.html#nagios_metacharacter_vulnerability"
},
{
"name": "openSUSE-SU-2013:0621",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00005.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-1362",
"datePublished": "2013-07-09T17:00:00",
"dateReserved": "2013-01-14T00:00:00",
"dateUpdated": "2024-08-06T14:57:05.125Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-6581 (GCVE-0-2020-6581)
Vulnerability from cvelistv5
Published
2020-03-16 17:13
Modified
2024-08-04 09:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Nagios NRPE 3.2.1 has Insufficient Filtering because, for example, nasty_metachars interprets \n as the character \ and the character n (not as the \n newline sequence). This can cause command injection.
References
| ▼ | URL | Tags |
|---|---|---|
| https://herolab.usd.de/security-advisories/ | x_refsource_MISC | |
| https://herolab.usd.de/security-advisories/usd-2020-0002/ | x_refsource_MISC | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DNGKXVDB43E3KQRA6W5QZT3Z46XZLQM/ | vendor-advisory, x_refsource_FEDORA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:11:04.935Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://herolab.usd.de/security-advisories/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://herolab.usd.de/security-advisories/usd-2020-0002/"
},
{
"name": "FEDORA-2020-d436ed655f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DNGKXVDB43E3KQRA6W5QZT3Z46XZLQM/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nagios NRPE 3.2.1 has Insufficient Filtering because, for example, nasty_metachars interprets \\n as the character \\ and the character n (not as the \\n newline sequence). This can cause command injection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-25T04:06:14",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://herolab.usd.de/security-advisories/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://herolab.usd.de/security-advisories/usd-2020-0002/"
},
{
"name": "FEDORA-2020-d436ed655f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DNGKXVDB43E3KQRA6W5QZT3Z46XZLQM/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-6581",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Nagios NRPE 3.2.1 has Insufficient Filtering because, for example, nasty_metachars interprets \\n as the character \\ and the character n (not as the \\n newline sequence). This can cause command injection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://herolab.usd.de/security-advisories/",
"refsource": "MISC",
"url": "https://herolab.usd.de/security-advisories/"
},
{
"name": "https://herolab.usd.de/security-advisories/usd-2020-0002/",
"refsource": "MISC",
"url": "https://herolab.usd.de/security-advisories/usd-2020-0002/"
},
{
"name": "FEDORA-2020-d436ed655f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DNGKXVDB43E3KQRA6W5QZT3Z46XZLQM/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-6581",
"datePublished": "2020-03-16T17:13:00",
"dateReserved": "2020-01-08T00:00:00",
"dateUpdated": "2024-08-04T09:11:04.935Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}