Nagios NRPE nrpe.c Arbitrary Command Execution

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.

Synopsis :

The monitoring service running on the remote host is affected by an
arbitrary command execution vulnerability.

Description :

The remote host is running a version of Nagios NRPE that contains a
flaw that is triggered when input passed via '$()' is not properly
sanitized before being used to execute plugins.

An unauthenticated, remote attacker could exploit this issue to
execute arbitrary commands within the context of the vulnerable

See also :

Solution :

Upgrade to Nagios NRPE 2.14 or later.
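
An added example, not part of the Tenable plugin or the NRPE project: a Python audit of nrpe.cfg text that lists the command definitions through which client-supplied input can reach a plugin command line. The directive names dont_blame_nrpe and allow_bash_command_substitution and the $ARGn$ macro come from NRPE's configuration format rather than from this page; the sample config is constructed, and treating an absent directive as disabled is an assumption.

```python
import re

# Constructed sample nrpe.cfg content (not taken from any real host).
SAMPLE_CFG = """\
server_port=5666
dont_blame_nrpe=1
allow_bash_command_substitution = 0
command[check_users]=/usr/lib/nagios/plugins/check_users -w 5 -c 10
command[check_disk]=/usr/lib/nagios/plugins/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$
#command[check_old]=/usr/lib/nagios/plugins/check_old $ARG1$
"""

ARG_MACRO = re.compile(r"\$ARG\d+\$")            # $ARG1$, $ARG2$, ...
COMMAND_KEY = re.compile(r"^command\[([^\]]+)\]$")


def audit_nrpe_config(text):
    """Report which settings let client arguments reach plugin command lines."""
    # Assumption: a directive that is absent counts as disabled ("0").
    settings = {"dont_blame_nrpe": "0", "allow_bash_command_substitution": "0"}
    arg_commands = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue  # skip blanks, comments and lines without key=value
        key, value = (part.strip() for part in line.split("=", 1))
        if key in settings:
            settings[key] = value  # this script keeps the last value seen
            continue
        match = COMMAND_KEY.match(key)
        if match and ARG_MACRO.search(value):
            arg_commands.append(match.group(1))
    args_enabled = settings["dont_blame_nrpe"] == "1"
    return {
        "args_enabled": args_enabled,
        "bash_substitution_enabled":
            settings["allow_bash_command_substitution"] == "1",
        "commands_taking_args": arg_commands,
        # Client input only reaches a command line when arguments are enabled
        # AND the command definition actually uses an $ARGn$ macro.
        "exposed_commands": arg_commands if args_enabled else [],
    }


if __name__ == "__main__":
    report = audit_nrpe_config(SAMPLE_CFG)
    for name in report["exposed_commands"]:
        print(f"review: command[{name}] accepts client-supplied arguments")
    if report["bash_substitution_enabled"]:
        print("review: bash command substitution is explicitly allowed")
```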

Risk factor :

High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.5
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 66361

Bugtraq ID: 58142

CVE ID: CVE-2013-1362