Addressing security vulnerabilities

[Andreas Ericsson]

On 11/28/2012 03:46 PM, Rudolph Pereira wrote:
> Yes, I have tested this - we were able to compromise a host at a
> client using this.
> 
> I think use of execve() would be fine, though wasn't sure if you loss
> of variable expansion would be acceptable.
> 

Shell variables have never been officially supported in NRPE, so it's
not a huge issue. I'm not the NRPE maintainer, but I imagine that a
patch of some sort that resolves a potential remote-shell exploit would
be welcome. Once you have it and have contacted Eric Stanley and gotten
some sort of response out of him, a CVE id should be procured. I can do
that if you're unfamiliar with the process (which is really simple).

If so, send me the info you've got in as brief as possible format with
an extended explanation and description of how to exploit it and I'll
make sure it gets posted to the right places.

Thanks.

-- 
Andreas Ericsson                   andreas.ericsson at op5.se
OP5 AB                             www.op5.se
Tel: +46 8-230225                  Fax: +46 8-230231

Considering the successes of the wars on alcohol, poverty, drugs and
terror, I think we should give some serious thought to declaring war
on peace.

------------------------------------------------------------------------------
Keep yourself connected to Go Parallel: 
VERIFY Test and improve your parallel project with help from experts 
and peers. http://goparallel.sourceforge.net