Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2014-2913

Date: May 7, 2014

Incomplete blacklist vulnerability in nrpe.c in Nagios Remote Plugin Executor (NRPE) 2.15 and earlier allows remote attackers to execute arbitrary commands via a newline character in the -a option to libexec/check_nrpe. NOTE: this issue is disputed by multiple parties. It has been reported that the vendor allows newlines as "expected behavior." Also, this issue can only occur when the administrator enables the "dont_blame_nrpe" option in nrpe.conf despite the "HIGH security risk" warning within the comments

Language: C

Severity Score

Related Resources (12)

http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00011.html
http://www.securityfocus.com/bid/66969
http://seclists.org/fulldisclosure/2014/Apr/242
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166528.html
http://seclists.org/fulldisclosure/2014/Apr/240
http://lists.opensuse.org/opensuse-updates/2014-05/msg00005.html
http://seclists.org/oss-sec/2014/q2/154
http://seclists.org/oss-sec/2014/q2/155
https://nvd.nist.gov/vuln/detail/CVE-2014-2913
http://lists.opensuse.org/opensuse-updates/2014-05/msg00014.html
https://people.canonical.com/~ubuntu-security/cve/CVE-2014-2913
https://www.mend.io/vulnerability-database/CVE-2014-2913

Severity Score

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): LOW
Integrity (I): LOW
Availability (A): LOW

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): LOW
Authentication (AU): NONE
Confidentiality (C): PARTIAL
Integrity (I): PARTIAL
Availability (A): PARTIAL
Additional information:

Do you need more information?

Contact Us