This script is Copyright (C) 2014 Tenable Network Security, Inc.
The remote openSUSE host is missing a security update.
NRPE (the Nagios Remote Plug-In Executor) allows the passing of $() to
plugins/scripts which, if run under bash, will execute that shell
command under a subprocess and pass the output as a parameter to the
called script. Using this, it is possible to get called scripts, such
as check_http, to execute arbitrary commands under the uid that
NRPE/nagios is running as (typically, 'nagios').
With this update NRPE will deny remote requests containing a bash
See also :
Update the affected nagios-nrpe packages.
Risk factor :
High / CVSS Base Score : 7.5
Public Exploit Available : true