opensuse opensuse CVE-2014-2913 in OpenSuse and Nagios Products
Published on May 7, 2014

product logo product logo
Incomplete blacklist vulnerability in nrpe.c in Nagios Remote Plugin Executor (NRPE) 2.15 and earlier allows remote attackers to execute arbitrary commands via a newline character in the -a option to libexec/check_nrpe. NOTE: this issue is disputed by multiple parties. It has been reported that the vendor allows newlines as "expected behavior." Also, this issue can only occur when the administrator enables the "dont_blame_nrpe" option in nrpe.conf despite the "HIGH security risk" warning within the comments

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD


Products Associated with CVE-2014-2913

stack.watch emails you whenever new vulnerabilities are published in OpenSuse or Nagios Remote Plugin Executor. Just hit a watch button to start following.

OpenSuse
 
Nagios Remote Plugin Executor
 

Exploit Probability

EPSS
14.24%
Percentile
94.29%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.