Nagios Remote Plugin Executor Metacharacter Filtering Omission

Added: 05/13/2013
CVE: CVE-2013-1362
BID: 58142
OSVDB: 90582

Background

Nagios is a network host and service monitoring and management system. Nagios Remote Plugin Executor (NRPE) is an addon for Nagios that allows remote execution of Nagios plugins on other Linux/Unix machines.

Problem

Nagios Remote Plugin Executor (NRPE) before 2.14, when compiled with --enable-command-args (usually set by default), contains a vulnerability: input passed via $() is not properly sanitized before being used in plugins/scripts. If the plugins/scripts are run under the bash shell, bash executes the command inside $() and passes its output as a parameter to the called script. A remote attacker could exploit this vulnerability to execute arbitrary commands in the context of the NRPE/Nagios application.

Resolution

Upgrade to NRPE 2.14 or later.
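
To find hosts exposed to this issue before they are upgraded, the following added example (not part of the original advisory or of NRPE) audits the text of an nrpe.cfg file: it reports whether client-supplied arguments are accepted at runtime and which command definitions interpolate them. The dont_blame_nrpe directive and $ARGn$ macros are NRPE's own; the sample configuration, paths and function names are constructed for illustration.

```python
import re

# Constructed sample nrpe.cfg content (illustrative, not from a real host).
SAMPLE_CFG = """\
# sample configuration
allowed_hosts=127.0.0.1,192.0.2.10
dont_blame_nrpe=1
command[check_users]=/usr/lib64/nagios/plugins/check_users -w 5 -c 10
command[check_disk]=/usr/lib64/nagios/plugins/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$
command[check_wrap]=/bin/bash /opt/checks/wrap.sh $ARG1$
"""

ARG_MACRO = re.compile(r"\$ARG\d+\$")                    # $ARG1$, $ARG2$, ...
COMMAND = re.compile(r"^command\[([^\]]+)\]\s*=\s*(.+)$")


def audit_nrpe_config(text):
    """Return (args_enabled, {command_name: [macros]}) for an nrpe.cfg body."""
    args_enabled = False
    with_args = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # skip blanks and comments
        m = COMMAND.match(line)
        if m:
            macros = ARG_MACRO.findall(m.group(2))
            if macros:
                with_args[m.group(1)] = macros
            continue
        key, sep, value = line.partition("=")
        if sep and key.strip() == "dont_blame_nrpe":
            # Assumption of this example: only the value 1 enables arguments;
            # a later occurrence of the directive overrides an earlier one.
            args_enabled = value.strip() == "1"
    return args_enabled, with_args


def exposed_commands(text):
    """Commands that take client-supplied arguments while arguments are enabled."""
    enabled, with_args = audit_nrpe_config(text)
    return sorted(with_args) if enabled else []


if __name__ == "__main__":
    for name in exposed_commands(SAMPLE_CFG):
        print("review before upgrade to 2.14 or later:", name)
```

Commands listed by exposed_commands are the ones whose plugins/scripts receive remote input; an empty list means no command in that file takes client arguments or arguments are disabled at runtime.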

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701227

Limitations

This exploit was tested against Nagios Enterprises Nagios Remote Plugin Executor 2.13 on CentOS Project CentOS 6 (Exec-Shield Enabled).

The Perl modules MIME::Base64 and String::CRC32 are required to run the exploit. The Netcat utility (nc) must be installed on the target.

Platforms

Linux
