Vulnerability-Lookup

SUSE-SU-2024:1417-1

Vulnerability from csaf_suse - Published: 2024-04-24 08:34 - Updated: 2024-04-24 08:34

Summary

Security update for nrpe

Notes

Title of the patch

Security update for nrpe

Description of the patch

This update for nrpe fixes the following issues: CVE-2014-2913: Fixed remote command execution when command arguments are enabled (bsc#1118590,bsc#874743)

Patchnames

SUSE-2024-1417,SUSE-SLE-SERVER-12-SP5-2024-1417

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for nrpe",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for nrpe fixes the following issues:\n\nCVE-2014-2913: Fixed remote command execution when command arguments are enabled (bsc#1118590,bsc#874743) \n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2024-1417,SUSE-SLE-SERVER-12-SP5-2024-1417",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_1417-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2024:1417-1",
        "url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241417-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2024:1417-1",
        "url": "https://lists.suse.com/pipermail/sle-updates/2024-April/035087.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1118590",
        "url": "https://bugzilla.suse.com/1118590"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 874743",
        "url": "https://bugzilla.suse.com/874743"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2014-2913 page",
        "url": "https://www.suse.com/security/cve/CVE-2014-2913/"
      }
    ],
    "title": "Security update for nrpe",
    "tracking": {
      "current_release_date": "2024-04-24T08:34:19Z",
      "generator": {
        "date": "2024-04-24T08:34:19Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2024:1417-1",
      "initial_release_date": "2024-04-24T08:34:19Z",
      "revision_history": [
        {
          "date": "2024-04-24T08:34:19Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "monitoring-plugins-nrpe-2.15-6.6.1.aarch64",
                "product": {
                  "name": "monitoring-plugins-nrpe-2.15-6.6.1.aarch64",
                  "product_id": "monitoring-plugins-nrpe-2.15-6.6.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "nrpe-2.15-6.6.1.aarch64",
                "product": {
                  "name": "nrpe-2.15-6.6.1.aarch64",
                  "product_id": "nrpe-2.15-6.6.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "nrpe-doc-2.15-6.6.1.aarch64",
                "product": {
                  "name": "nrpe-doc-2.15-6.6.1.aarch64",
                  "product_id": "nrpe-doc-2.15-6.6.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "monitoring-plugins-nrpe-2.15-6.6.1.i586",
                "product": {
                  "name": "monitoring-plugins-nrpe-2.15-6.6.1.i586",
                  "product_id": "monitoring-plugins-nrpe-2.15-6.6.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "nrpe-2.15-6.6.1.i586",
                "product": {
                  "name": "nrpe-2.15-6.6.1.i586",
                  "product_id": "nrpe-2.15-6.6.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "nrpe-doc-2.15-6.6.1.i586",
                "product": {
                  "name": "nrpe-doc-2.15-6.6.1.i586",
                  "product_id": "nrpe-doc-2.15-6.6.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "monitoring-plugins-nrpe-2.15-6.6.1.ppc64le",
                "product": {
                  "name": "monitoring-plugins-nrpe-2.15-6.6.1.ppc64le",
                  "product_id": "monitoring-plugins-nrpe-2.15-6.6.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "nrpe-2.15-6.6.1.ppc64le",
                "product": {
                  "name": "nrpe-2.15-6.6.1.ppc64le",
                  "product_id": "nrpe-2.15-6.6.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "nrpe-doc-2.15-6.6.1.ppc64le",
                "product": {
                  "name": "nrpe-doc-2.15-6.6.1.ppc64le",
                  "product_id": "nrpe-doc-2.15-6.6.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "monitoring-plugins-nrpe-2.15-6.6.1.s390",
                "product": {
                  "name": "monitoring-plugins-nrpe-2.15-6.6.1.s390",
                  "product_id": "monitoring-plugins-nrpe-2.15-6.6.1.s390"
                }
              },
              {
                "category": "product_version",
                "name": "nrpe-2.15-6.6.1.s390",
                "product": {
                  "name": "nrpe-2.15-6.6.1.s390",
                  "product_id": "nrpe-2.15-6.6.1.s390"
                }
              },
              {
                "category": "product_version",
                "name": "nrpe-doc-2.15-6.6.1.s390",
                "product": {
                  "name": "nrpe-doc-2.15-6.6.1.s390",
                  "product_id": "nrpe-doc-2.15-6.6.1.s390"
                }
              }
            ],
            "category": "architecture",
            "name": "s390"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "monitoring-plugins-nrpe-2.15-6.6.1.s390x",
                "product": {
                  "name": "monitoring-plugins-nrpe-2.15-6.6.1.s390x",
                  "product_id": "monitoring-plugins-nrpe-2.15-6.6.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "nrpe-2.15-6.6.1.s390x",
                "product": {
                  "name": "nrpe-2.15-6.6.1.s390x",
                  "product_id": "nrpe-2.15-6.6.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "nrpe-doc-2.15-6.6.1.s390x",
                "product": {
                  "name": "nrpe-doc-2.15-6.6.1.s390x",
                  "product_id": "nrpe-doc-2.15-6.6.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "monitoring-plugins-nrpe-2.15-6.6.1.x86_64",
                "product": {
                  "name": "monitoring-plugins-nrpe-2.15-6.6.1.x86_64",
                  "product_id": "monitoring-plugins-nrpe-2.15-6.6.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "nrpe-2.15-6.6.1.x86_64",
                "product": {
                  "name": "nrpe-2.15-6.6.1.x86_64",
                  "product_id": "nrpe-2.15-6.6.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "nrpe-doc-2.15-6.6.1.x86_64",
                "product": {
                  "name": "nrpe-doc-2.15-6.6.1.x86_64",
                  "product_id": "nrpe-doc-2.15-6.6.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12 SP5",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12 SP5",
                  "product_id": "SUSE Linux Enterprise Server 12 SP5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles:12:sp5"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:12:sp5"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "monitoring-plugins-nrpe-2.15-6.6.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5",
          "product_id": "SUSE Linux Enterprise Server 12 SP5:monitoring-plugins-nrpe-2.15-6.6.1.aarch64"
        },
        "product_reference": "monitoring-plugins-nrpe-2.15-6.6.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "monitoring-plugins-nrpe-2.15-6.6.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5",
          "product_id": "SUSE Linux Enterprise Server 12 SP5:monitoring-plugins-nrpe-2.15-6.6.1.ppc64le"
        },
        "product_reference": "monitoring-plugins-nrpe-2.15-6.6.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "monitoring-plugins-nrpe-2.15-6.6.1.s390x as component of SUSE Linux Enterprise Server 12 SP5",
          "product_id": "SUSE Linux Enterprise Server 12 SP5:monitoring-plugins-nrpe-2.15-6.6.1.s390x"
        },
        "product_reference": "monitoring-plugins-nrpe-2.15-6.6.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "monitoring-plugins-nrpe-2.15-6.6.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
          "product_id": "SUSE Linux Enterprise Server 12 SP5:monitoring-plugins-nrpe-2.15-6.6.1.x86_64"
        },
        "product_reference": "monitoring-plugins-nrpe-2.15-6.6.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nrpe-2.15-6.6.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5",
          "product_id": "SUSE Linux Enterprise Server 12 SP5:nrpe-2.15-6.6.1.aarch64"
        },
        "product_reference": "nrpe-2.15-6.6.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nrpe-2.15-6.6.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5",
          "product_id": "SUSE Linux Enterprise Server 12 SP5:nrpe-2.15-6.6.1.ppc64le"
        },
        "product_reference": "nrpe-2.15-6.6.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nrpe-2.15-6.6.1.s390x as component of SUSE Linux Enterprise Server 12 SP5",
          "product_id": "SUSE Linux Enterprise Server 12 SP5:nrpe-2.15-6.6.1.s390x"
        },
        "product_reference": "nrpe-2.15-6.6.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nrpe-2.15-6.6.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
          "product_id": "SUSE Linux Enterprise Server 12 SP5:nrpe-2.15-6.6.1.x86_64"
        },
        "product_reference": "nrpe-2.15-6.6.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "monitoring-plugins-nrpe-2.15-6.6.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:monitoring-plugins-nrpe-2.15-6.6.1.aarch64"
        },
        "product_reference": "monitoring-plugins-nrpe-2.15-6.6.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "monitoring-plugins-nrpe-2.15-6.6.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:monitoring-plugins-nrpe-2.15-6.6.1.ppc64le"
        },
        "product_reference": "monitoring-plugins-nrpe-2.15-6.6.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "monitoring-plugins-nrpe-2.15-6.6.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:monitoring-plugins-nrpe-2.15-6.6.1.s390x"
        },
        "product_reference": "monitoring-plugins-nrpe-2.15-6.6.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "monitoring-plugins-nrpe-2.15-6.6.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:monitoring-plugins-nrpe-2.15-6.6.1.x86_64"
        },
        "product_reference": "monitoring-plugins-nrpe-2.15-6.6.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nrpe-2.15-6.6.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:nrpe-2.15-6.6.1.aarch64"
        },
        "product_reference": "nrpe-2.15-6.6.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nrpe-2.15-6.6.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:nrpe-2.15-6.6.1.ppc64le"
        },
        "product_reference": "nrpe-2.15-6.6.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nrpe-2.15-6.6.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:nrpe-2.15-6.6.1.s390x"
        },
        "product_reference": "nrpe-2.15-6.6.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nrpe-2.15-6.6.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:nrpe-2.15-6.6.1.x86_64"
        },
        "product_reference": "nrpe-2.15-6.6.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2014-2913",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2014-2913"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Incomplete blacklist vulnerability in nrpe.c in Nagios Remote Plugin Executor (NRPE) 2.15 and earlier allows remote attackers to execute arbitrary commands via a newline character in the -a option to libexec/check_nrpe.  NOTE: this issue is disputed by multiple parties. It has been reported that the vendor allows newlines as \"expected behavior.\" Also, this issue can only occur when the administrator enables the \"dont_blame_nrpe\" option in nrpe.conf despite the \"HIGH security risk\" warning within the comments",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5:monitoring-plugins-nrpe-2.15-6.6.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5:monitoring-plugins-nrpe-2.15-6.6.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5:monitoring-plugins-nrpe-2.15-6.6.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5:monitoring-plugins-nrpe-2.15-6.6.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5:nrpe-2.15-6.6.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5:nrpe-2.15-6.6.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5:nrpe-2.15-6.6.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5:nrpe-2.15-6.6.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:monitoring-plugins-nrpe-2.15-6.6.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:monitoring-plugins-nrpe-2.15-6.6.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:monitoring-plugins-nrpe-2.15-6.6.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:monitoring-plugins-nrpe-2.15-6.6.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:nrpe-2.15-6.6.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:nrpe-2.15-6.6.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:nrpe-2.15-6.6.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:nrpe-2.15-6.6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2014-2913",
          "url": "https://www.suse.com/security/cve/CVE-2014-2913"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 874743 for CVE-2014-2913",
          "url": "https://bugzilla.suse.com/874743"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5:monitoring-plugins-nrpe-2.15-6.6.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5:monitoring-plugins-nrpe-2.15-6.6.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5:monitoring-plugins-nrpe-2.15-6.6.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5:monitoring-plugins-nrpe-2.15-6.6.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5:nrpe-2.15-6.6.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5:nrpe-2.15-6.6.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5:nrpe-2.15-6.6.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5:nrpe-2.15-6.6.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:monitoring-plugins-nrpe-2.15-6.6.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:monitoring-plugins-nrpe-2.15-6.6.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:monitoring-plugins-nrpe-2.15-6.6.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:monitoring-plugins-nrpe-2.15-6.6.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:nrpe-2.15-6.6.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:nrpe-2.15-6.6.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:nrpe-2.15-6.6.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:nrpe-2.15-6.6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-04-24T08:34:19Z",
          "details": "important"
        }
      ],
      "title": "CVE-2014-2913"
    }
  ]
}

CVE-2014-2913 (GCVE-0-2014-2913)

Vulnerability from cvelistv5 – Published: 2014-05-07 10:00 – Updated: 2024-08-06 10:28 Disputed

Summary

Incomplete blacklist vulnerability in nrpe.c in Nagios Remote Plugin Executor (NRPE) 2.15 and earlier allows remote attackers to execute arbitrary commands via a newline character in the -a option to libexec/check_nrpe. NOTE: this issue is disputed by multiple parties. It has been reported that the vendor allows newlines as "expected behavior." Also, this issue can only occur when the administrator enables the "dont_blame_nrpe" option in nrpe.conf despite the "HIGH security risk" warning within the comments

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://lists.opensuse.org/opensuse-updates/2014-0…	vendor-advisoryx_refsource_SUSE
	http://www.securityfocus.com/bid/66969	vdb-entryx_refsource_BID
	http://seclists.org/oss-sec/2014/q2/155	mailing-listx_refsource_MLIST
	http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
	http://lists.opensuse.org/opensuse-updates/2014-0…	vendor-advisoryx_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://seclists.org/oss-sec/2014/q2/154	mailing-listx_refsource_MLIST
	http://seclists.org/fulldisclosure/2014/Apr/240	mailing-listx_refsource_FULLDISC
	http://seclists.org/fulldisclosure/2014/Apr/242	mailing-listx_refsource_FULLDISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:28:46.232Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "openSUSE-SU-2014:0603",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00014.html"
          },
          {
            "name": "66969",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/66969"
          },
          {
            "name": "[oss-security] 20140422 Re: CVE Request: Nagios Remote Plugin Executor \u003c= 2.15 Remote Command Execution",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://seclists.org/oss-sec/2014/q2/155"
          },
          {
            "name": "FEDORA-2015-15398",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166528.html"
          },
          {
            "name": "openSUSE-SU-2014:0594",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00005.html"
          },
          {
            "name": "SUSE-SU-2014:0682",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00011.html"
          },
          {
            "name": "[oss-security] 20140422 Re: CVE Request: Nagios Remote Plugin Executor \u003c= 2.15 Remote Command Execution",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://seclists.org/oss-sec/2014/q2/154"
          },
          {
            "name": "20140417 NRPE - Nagios Remote Plugin Executor \u003c= 2.15 Remote Command Execution",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2014/Apr/240"
          },
          {
            "name": "20140418 Re: NRPE - Nagios Remote Plugin Executor \u003c= 2.15 Remote Command Execution",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2014/Apr/242"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-04-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Incomplete blacklist vulnerability in nrpe.c in Nagios Remote Plugin Executor (NRPE) 2.15 and earlier allows remote attackers to execute arbitrary commands via a newline character in the -a option to libexec/check_nrpe.  NOTE: this issue is disputed by multiple parties. It has been reported that the vendor allows newlines as \"expected behavior.\" Also, this issue can only occur when the administrator enables the \"dont_blame_nrpe\" option in nrpe.conf despite the \"HIGH security risk\" warning within the comments"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-20T16:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "openSUSE-SU-2014:0603",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00014.html"
        },
        {
          "name": "66969",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/66969"
        },
        {
          "name": "[oss-security] 20140422 Re: CVE Request: Nagios Remote Plugin Executor \u003c= 2.15 Remote Command Execution",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://seclists.org/oss-sec/2014/q2/155"
        },
        {
          "name": "FEDORA-2015-15398",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166528.html"
        },
        {
          "name": "openSUSE-SU-2014:0594",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00005.html"
        },
        {
          "name": "SUSE-SU-2014:0682",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00011.html"
        },
        {
          "name": "[oss-security] 20140422 Re: CVE Request: Nagios Remote Plugin Executor \u003c= 2.15 Remote Command Execution",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://seclists.org/oss-sec/2014/q2/154"
        },
        {
          "name": "20140417 NRPE - Nagios Remote Plugin Executor \u003c= 2.15 Remote Command Execution",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2014/Apr/240"
        },
        {
          "name": "20140418 Re: NRPE - Nagios Remote Plugin Executor \u003c= 2.15 Remote Command Execution",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2014/Apr/242"
        }
      ],
      "tags": [
        "disputed"
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-2913",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "** DISPUTED ** Incomplete blacklist vulnerability in nrpe.c in Nagios Remote Plugin Executor (NRPE) 2.15 and earlier allows remote attackers to execute arbitrary commands via a newline character in the -a option to libexec/check_nrpe.  NOTE: this issue is disputed by multiple parties. It has been reported that the vendor allows newlines as \"expected behavior.\" Also, this issue can only occur when the administrator enables the \"dont_blame_nrpe\" option in nrpe.conf despite the \"HIGH security risk\" warning within the comments."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "openSUSE-SU-2014:0603",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00014.html"
            },
            {
              "name": "66969",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/66969"
            },
            {
              "name": "[oss-security] 20140422 Re: CVE Request: Nagios Remote Plugin Executor \u003c= 2.15 Remote Command Execution",
              "refsource": "MLIST",
              "url": "http://seclists.org/oss-sec/2014/q2/155"
            },
            {
              "name": "FEDORA-2015-15398",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166528.html"
            },
            {
              "name": "openSUSE-SU-2014:0594",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00005.html"
            },
            {
              "name": "SUSE-SU-2014:0682",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00011.html"
            },
            {
              "name": "[oss-security] 20140422 Re: CVE Request: Nagios Remote Plugin Executor \u003c= 2.15 Remote Command Execution",
              "refsource": "MLIST",
              "url": "http://seclists.org/oss-sec/2014/q2/154"
            },
            {
              "name": "20140417 NRPE - Nagios Remote Plugin Executor \u003c= 2.15 Remote Command Execution",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2014/Apr/240"
            },
            {
              "name": "20140418 Re: NRPE - Nagios Remote Plugin Executor \u003c= 2.15 Remote Command Execution",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2014/Apr/242"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-2913",
    "datePublished": "2014-05-07T10:00:00",
    "dateReserved": "2014-04-18T00:00:00",
    "dateUpdated": "2024-08-06T10:28:46.232Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

SUSE-SU-2024:1417-1

CVE-2014-2913 (GCVE-0-2014-2913)

Tags

Sightings

Nomenclature