Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Incomplete blacklist vulnerability in nrpe.c in Nagios Remote Plugin Executor (NRPE) 2.15 and earlier allows remote attackers to execute arbitrary commands via a newline character in the -a option to libexec/check_nrpe. NOTE: this issue is disputed by multiple parties. It has been reported that the vendor allows newlines as "expected behavior." Also, this issue can only occur when the administrator enables the "dont_blame_nrpe" option in nrpe.conf despite the "HIGH security risk" warning within the comments
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Nagios Remote Plugin Executor 安全漏洞
Vulnerability Description
Nagios是美国程序员Ethan Galstad所研发的一套开源的系统运行状态和网络信息监控程序。Nagios Remote Plugin Executor(NRPE)是一个Nagios代理,它用在被监控的服务器上,向Nagios监控平台提供该服务器的一些本地情况。 NRPE 2.15及之前版本的nrpe.c文件中存在不完整黑名单漏洞。远程攻击者可借助-a选项中的换行符利用该漏洞执行任意命令。
CVSS Information
N/A
Vulnerability Type
N/A