Nagios NRPE nrpe.c Arbitrary Command Execution
High Nessus Plugin ID 66361
SynopsisThe monitoring service running on the remote host is affected by an arbitrary command execution vulnerability.
DescriptionThe remote host is running a version of Nagios NRPE that contains a flaw that is triggered when input passed via '$()' is not properly sanitized before being used to execute plugins.
An unauthenticated, remote attacker could exploit this issue to execute arbitrary commands within the context of the vulnerable application.
SolutionUpgrade to Nagios NRPE 2.14 or later.