Vulnerabilities > CVE-2014-2913

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
opensuse
nagios
nessus
exploit available

Summary

Incomplete blacklist vulnerability in nrpe.c in Nagios Remote Plugin Executor (NRPE) 2.15 and earlier allows remote attackers to execute arbitrary commands via a newline character in the -a option to libexec/check_nrpe. NOTE: this issue is disputed by multiple parties. It has been reported that the vendor allows newlines as "expected behavior." Also, this issue can only occur when the administrator enables the "dont_blame_nrpe" option in nrpe.conf despite the "HIGH security risk" warning within the comments.

Exploit-Db

  • description: NRPE <= 2.15 - Remote Command Execution. CVE-2014-2913. Remote exploits for multiple platform
    id: EDB-ID:32925
    last seen: 2016-02-03
    modified: 2014-04-18
    published: 2014-04-18
    reporter: Dawid Golunski
    source: https://www.exploit-db.com/download/32925/
    title: NRPE <= 2.15 - Remote Command Execution
  • description: NRPE 2.15 - Remote Code Execution Vulnerability. CVE-2014-2913. Remote exploits for multiple platform
    id: EDB-ID:34461
    last seen: 2016-02-03
    modified: 2014-08-29
    published: 2014-08-29
    reporter: Claudio Viviani
    source: https://www.exploit-db.com/download/34461/
    title: NRPE 2.15 - Remote Code Execution Vulnerability

Nessus

  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2014-5897.NASL
    description: Add patch to mitigate CVE-2014-2913. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-03-17
    modified: 2014-11-20
    plugin id: 79346
    published: 2014-11-20
    reporter: This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/79346
    title: Fedora 20 : nrpe-2.15-2.fc20 (2014-5897)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2014-5897.
    #
    
    include("compat.inc");
    
    # Registration branch: taken when `description` is set. It only records the
    # plugin's metadata (IDs, references, scoring, prerequisites) and ends with
    # exit(0), so none of the host checks further down run from here.
    if (description)
    {
      # Plugin identity and revision metadata.
      script_id(79346);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      # Cross-references: the CVE, its Bugtraq ID and the Fedora advisory number.
      script_cve_id("CVE-2014-2913");
      script_bugtraq_id(66969);
      script_xref(name:"FEDORA", value:"2014-5897");
    
      script_name(english:"Fedora 20 : nrpe-2.15-2.fc20 (2014-5897)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      # The advisory text speaks of a patch that *mitigates* the CVE; the
      # description carries no further technical detail.
      script_set_attribute(
        attribute:"description", 
        value:
    "Add patch to mitigate CVE-2014-2913
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1089878"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2014-November/144631.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?13795117"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected nrpe package.");
      # CVSSv2 base vector: network access, low complexity, no authentication,
      # partial confidentiality/integrity/availability impact.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      # Temporal vector: proof-of-concept exploit, remediation level unavailable,
      # report confidence not defined.
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:U/RC:ND");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      # Declared as a "local" plugin scoped to the Fedora 20 nrpe package.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:nrpe");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:20");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/05/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/20");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      # Prerequisites: ssh_get_info.nasl must have run, and the KB must hold the
      # local-checks flag, the release string and the installed RPM list.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Local package check for Fedora advisory 2014-5897. Each gate below hands a
    # failure to audit() (defined in audit.inc, not shown; used here as an early
    # exit with a reason code).
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    # `>!<` is NASL's "substring not found" operator: reject non-Fedora releases.
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    # Keep only the captured release number.
    os_ver = os_ver[1];
    # Accept "20" only when it is not followed by another digit.
    if (! ereg(pattern:"^20([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 20.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Only x86_64 and i386-i686 hosts are evaluated.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    # Compare the installed nrpe against the fixed build; rpm_check() comes from
    # rpm.inc (not shown) - presumably true when the installed build is older.
    # NOTE(review): this is a package-version test only. It does not read the
    # NRPE configuration, so it cannot tell whether command arguments
    # (dont_blame_nrpe), the precondition named in the CVE-2014-2913
    # description, are enabled on the host.
    flag = 0;
    if (rpm_check(release:"FC20", reference:"nrpe-2.15-2.fc20")) flag++;
    
    
    if (flag)
    {
      # Report on port 0; include the package detail when verbosity allows.
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      # Distinguish "package present but not affected" from "not installed".
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nrpe");
    }
    
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-201408-18.NASL
    description: The remote host is affected by the vulnerability described in GLSA-201408-18 (NRPE: Multiple Vulnerabilities). Multiple vulnerabilities have been discovered in NRPE. Please review the CVE identifiers referenced below for details. Impact: A remote attacker can utilize multiple vectors to execute arbitrary code. Workaround: There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 77462
    published: 2014-08-30
    reporter: This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/77462
    title: GLSA-201408-18 : NRPE: Multiple Vulnerabilities
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 201408-18.
    #
    # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    # Registration branch: taken when `description` is set. It only records the
    # plugin's metadata and ends with exit(0); the host checks below do not run
    # from here.
    if (description)
    {
      # Plugin identity and revision metadata.
      script_id(77462);
      script_version("1.5");
      script_cvs_date("Date: 2018/12/05 20:31:22");
    
      # This GLSA bundles two CVEs, so a finding from this plugin does not say
      # which of the two applies to the host.
      script_cve_id("CVE-2013-1362", "CVE-2014-2913");
      script_bugtraq_id(58142, 66969);
      script_xref(name:"GLSA", value:"201408-18");
    
      script_name(english:"GLSA-201408-18 : NRPE: Multiple Vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-201408-18
    (NRPE: Multiple Vulnerabilities)
    
        Multiple vulnerabilities have been discovered in NRPE. Please review the
          CVE identifiers referenced below for details.
      
    Impact :
    
        A remote attacker can utilize multiple vectors to execute arbitrary
          code.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/201408-18"
      );
      # Remediation text from the GLSA: sync the tree, then upgrade to >= 2.15.
      script_set_attribute(
        attribute:"solution", 
        value:
    "All NRPE users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=net-analyzer/nrpe-2.15'"
      );
      # CVSSv2 base vector: network access, low complexity, no authentication,
      # partial confidentiality/integrity/availability impact.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      # Temporal vector: functional exploit, official fix, confirmed report.
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      # Records that a public exploitation-framework module exists; useful when
      # prioritising remediation.
      script_set_attribute(attribute:"metasploit_name", value:'Nagios Remote Plugin Executor Arbitrary Command Execution');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      # Declared as a "local" plugin scoped to the Gentoo nrpe package.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:nrpe");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/08/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/08/30");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Gentoo Local Security Checks");
    
      # Prerequisites: ssh_get_info.nasl must have run, and the KB must hold the
      # local-checks flag, the Gentoo release and the installed package list.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    # Local package check for GLSA-201408-18. Each gate hands a failure to
    # audit() (defined in audit.inc, not shown; used here as an early exit).
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    # Versions below 2.15 are listed as vulnerable, 2.15 and later as unaffected.
    # NOTE(review): the CVE-2014-2913 description covers NRPE "2.15 and earlier",
    # yet 2.15 is treated as unaffected here, so a host at exactly 2.15 is not
    # reported. Whether Gentoo's 2.15 package carries a mitigation cannot be
    # told from this script - confirm against the GLSA before relying on a
    # clean result.
    if (qpkg_check(package:"net-analyzer/nrpe", unaffected:make_list("ge 2.15"), vulnerable:make_list("lt 2.15"))) flag++;
    
    if (flag)
    {
      # Report on port 0; include the package detail when verbosity allows.
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      # Distinguish "package present but not affected" from "not installed".
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "NRPE");
    }
    
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2014-5896.NASL
    description: Add patch to mitigate CVE-2014-2913. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-03-17
    modified: 2014-12-07
    plugin id: 79793
    published: 2014-12-07
    reporter: This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/79793
    title: Fedora 19 : nrpe-2.15-2.fc19 (2014-5896)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2014-5896.
    #
    
    include("compat.inc");
    
    # Registration branch: taken when `description` is set. It only records the
    # plugin's metadata and ends with exit(0); the host checks below do not run
    # from here.
    if (description)
    {
      # Plugin identity and revision metadata.
      script_id(79793);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      # Cross-references: the CVE, its Bugtraq ID and the Fedora advisory number.
      script_cve_id("CVE-2014-2913");
      script_bugtraq_id(66969);
      script_xref(name:"FEDORA", value:"2014-5896");
    
      script_name(english:"Fedora 19 : nrpe-2.15-2.fc19 (2014-5896)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      # The advisory text speaks of a patch that *mitigates* the CVE; the
      # description carries no further technical detail.
      script_set_attribute(
        attribute:"description", 
        value:
    "Add patch to mitigate CVE-2014-2913
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1089878"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2014-December/145738.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?74f449ac"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected nrpe package.");
      # CVSSv2 base vector: network access, low complexity, no authentication,
      # partial confidentiality/integrity/availability impact.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      # Temporal vector: proof-of-concept exploit, remediation level unavailable,
      # report confidence not defined.
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:U/RC:ND");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      # Declared as a "local" plugin scoped to the Fedora 19 nrpe package.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:nrpe");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:19");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/05/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/12/07");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      # Prerequisites: ssh_get_info.nasl must have run, and the KB must hold the
      # local-checks flag, the release string and the installed RPM list.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Local package check for Fedora advisory 2014-5896. Each gate below hands a
    # failure to audit() (defined in audit.inc, not shown; used here as an early
    # exit with a reason code).
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    # `>!<` is NASL's "substring not found" operator: reject non-Fedora releases.
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    # Keep only the captured release number.
    os_ver = os_ver[1];
    # Accept "19" only when it is not followed by another digit.
    if (! ereg(pattern:"^19([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 19.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Only x86_64 and i386-i686 hosts are evaluated.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    # Compare the installed nrpe against the fixed build; rpm_check() comes from
    # rpm.inc (not shown) - presumably true when the installed build is older.
    # NOTE(review): this is a package-version test only. It does not read the
    # NRPE configuration, so it cannot tell whether command arguments
    # (dont_blame_nrpe), the precondition named in the CVE-2014-2913
    # description, are enabled on the host.
    flag = 0;
    if (rpm_check(release:"FC19", reference:"nrpe-2.15-2.fc19")) flag++;
    
    
    if (flag)
    {
      # Report on port 0; include the package detail when verbosity allows.
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      # Distinguish "package present but not affected" from "not installed".
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nrpe");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2014-335.NASL
    description: This nrpe update fixes the following security documentation problem. - bnc#874743: Documented a possible command injection when command arguments are enabled (CVE-2014-2913). More details can be found inside the documentation of this package.
    last seen: 2020-06-05
    modified: 2014-06-13
    plugin id: 75345
    published: 2014-06-13
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/75345
    title: openSUSE Security Update : nrpe (openSUSE-SU-2014:0594-1)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2014-335.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    # Registration branch: taken when `description` is set. It only records the
    # plugin's metadata and ends with exit(0); the host checks below do not run
    # from here.
    if (description)
    {
      # Plugin identity and revision metadata.
      script_id(75345);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2014-2913");
    
      script_name(english:"openSUSE Security Update : nrpe (openSUSE-SU-2014:0594-1)");
      script_summary(english:"Check for the openSUSE-2014-335 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      # The advisory describes this update as fixing a *documentation* problem:
      # it documents the command-injection risk when command arguments are
      # enabled.
      script_set_attribute(
        attribute:"description", 
        value:
    "This nrpe update fixes the following security documentation problem.
    
      - bnc#874743: Documented a possible command injection when
        command arguments are enabled (CVE-2014-2913). More
        details can be found inside the documentation of this
        package."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=874743"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.opensuse.org/opensuse-updates/2014-05/msg00005.html"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected nrpe packages.");
      # CVSSv2 base vector: network access, low complexity, no authentication,
      # partial confidentiality/integrity/availability impact.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      # Declared as a "local" plugin covering the nrpe packages (including the
      # debug packages) on openSUSE 12.3 and 13.1.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:nagios-plugins-nrpe");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:nagios-plugins-nrpe-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:nrpe");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:nrpe-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:nrpe-debugsource");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/04/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      # Prerequisites: ssh_get_info.nasl must have run, and the KB must hold the
      # local-checks flag, the SuSE release, the RPM list and the CPU type.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Local package check for openSUSE-2014-335. Each gate hands a failure to
    # audit() (defined in audit.inc, not shown; used here as an early exit).
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    # SLED/SLES releases are rejected: this plugin targets openSUSE only.
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    # Only openSUSE 12.3 and 13.1 are in scope.
    if (release !~ "^(SUSE12\.3|SUSE13\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.3 / 13.1", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Only i586, i686 and x86_64 hosts are evaluated.
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    # One comparison per package and release; rpm_check() comes from rpm.inc
    # (not shown) - presumably true when the installed build is older than the
    # reference.
    # NOTE(review): the advisory describes this update as a documentation fix
    # for the command-injection risk, so a clean result here says nothing about
    # whether command arguments are enabled in the NRPE configuration - review
    # that setting separately.
    if ( rpm_check(release:"SUSE12.3", reference:"nagios-plugins-nrpe-2.14-3.4.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"nagios-plugins-nrpe-debuginfo-2.14-3.4.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"nrpe-2.14-3.4.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"nrpe-debuginfo-2.14-3.4.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"nrpe-debugsource-2.14-3.4.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"nagios-plugins-nrpe-2.15-4.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"nagios-plugins-nrpe-debuginfo-2.15-4.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"nrpe-2.15-4.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"nrpe-debuginfo-2.15-4.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"nrpe-debugsource-2.15-4.1") ) flag++;
    
    if (flag)
    {
      # Report on port 0; include the package detail when verbosity allows.
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      # Distinguish "package present but not affected" from "not installed".
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nagios-plugins-nrpe / nagios-plugins-nrpe-debuginfo / nrpe / etc");
    }
    
  • NASL family: Amazon Linux Local Security Checks
    NASL id: ALA_ALAS-2014-364.NASL
    description: ** DISPUTED ** Incomplete blacklist vulnerability in nrpe.c in Nagios Remote Plugin Executor (NRPE) 2.15 and earlier allows remote attackers to execute arbitrary commands via a newline character in the -a option to libexec/check_nrpe. NOTE: this issue is disputed by multiple parties. It has been reported that the vendor allows newlines as …
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 78307
    published: 2014-10-12
    reporter: This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/78307
    title: Amazon Linux AMI : nrpe (ALAS-2014-364)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Amazon Linux AMI Security Advisory ALAS-2014-364.
    #
    
    include("compat.inc");
    
    # Registration branch: taken when `description` is set. It only records the
    # plugin's metadata and ends with exit(0); the host checks below do not run
    # from here.
    if (description)
    {
      # Plugin identity and revision metadata.
      script_id(78307);
      script_version("1.3");
      script_cvs_date("Date: 2018/04/18 15:09:35");
    
      # Cross-references: the CVE and the Amazon Linux advisory number.
      script_cve_id("CVE-2014-2913");
      script_xref(name:"ALAS", value:"2014-364");
    
      script_name(english:"Amazon Linux AMI : nrpe (ALAS-2014-364)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Amazon Linux AMI host is missing a security update."
      );
      # The description itself marks the issue as disputed and ties it to the
      # administrator having enabled 'dont_blame_nrpe'; weigh a finding against
      # the host's actual NRPE configuration.
      script_set_attribute(
        attribute:"description", 
        value:
    "** DISPUTED ** Incomplete blacklist vulnerability in nrpe.c in Nagios
    Remote Plugin Executor (NRPE) 2.15 and earlier allows remote attackers
    to execute arbitrary commands via a newline character in the -a option
    to libexec/check_nrpe. NOTE: this issue is disputed by multiple
    parties. It has been reported that the vendor allows newlines as
    'expected behavior.' Also, this issue can only occur when the
    administrator enables the 'dont_blame_nrpe' option in nrpe.conf
    despite the 'HIGH security risk' warning within the comments."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://alas.aws.amazon.com/ALAS-2014-364.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Run 'yum update nrpe' to update your system."
      );
      # CVSSv2 base vector: network access, low complexity, no authentication,
      # partial confidentiality/integrity/availability impact.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      # Declared as a "local" plugin scoped to the Amazon Linux nrpe packages.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nagios-plugins-nrpe");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nrpe");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nrpe-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/06/26");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/12");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.");
      script_family(english:"Amazon Linux Local Security Checks");
    
      # Prerequisites: ssh_get_info.nasl must have run, and the KB must hold the
      # local-checks flag, the Amazon Linux release and the installed RPM list.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
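    # Local package check for ALAS-2014-364. Each gate hands a failure to
    # audit() (defined in audit.inc, not shown; used here as an early exit).
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/AmazonLinux/release");
    if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
    # The release string must start with "AL" followed by "A" or one digit; the
    # captured character selects the product line.
    os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
    os_ver = os_ver[1];
    # Only the "ALA" line is in scope. The original nested test
    # `if (os_ver == 'A') os_ver = 'AMI';` sat inside this `!= "A"` branch and
    # could never be true, so it is dropped; the audit message is unchanged.
    if (os_ver != "A") audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
    
    if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    # One comparison per package; rpm_check() comes from rpm.inc (not shown) -
    # presumably true when the installed build is older than the reference.
    # NOTE(review): this is a package-version test only. It does not read the
    # NRPE configuration, so it cannot tell whether 'dont_blame_nrpe', the
    # precondition named in the advisory description, is enabled on the host.
    flag = 0;
    if (rpm_check(release:"ALA", reference:"nagios-plugins-nrpe-2.15-2.7.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"nrpe-2.15-2.7.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"nrpe-debuginfo-2.15-2.7.amzn1")) flag++;
    
    if (flag)
    {
      # Report on port 0; include the package detail when verbosity allows.
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      # Distinguish "package present but not affected" from "not installed".
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nagios-plugins-nrpe / nrpe / nrpe-debuginfo");
    }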
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_NAGIOS-NRPE-140506.NASL
    description: nagios-nrpe has been updated to prevent possible remote command execution when command arguments are enabled. This issue affects versions 2.15 and older. Further information is available at http://seclists.org/fulldisclosure/2014/Apr/240 These security issues have been fixed: - Remote command execution (CVE-2014-2913)
    last seen: 2020-06-05
    modified: 2014-05-21
    plugin id: 74116
    published: 2014-05-21
    reporter: This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/74116
    title: SuSE 11.3 Security Update : nagios-nrpe, nagios-nrpe-debuginfo, nagios-nrpe-debugsource, etc (SAT Patch Number 9204)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from SuSE 11 update information. The text itself is
    # copyright (C) Novell, Inc.
    #
    
    include("compat.inc");
    
    # Registration branch: taken when `description` is set. It only records the
    # plugin's metadata and ends with exit(0); the host checks below do not run
    # from here.
    if (description)
    {
      # Plugin identity and revision metadata.
      script_id(74116);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2014-2913");
    
      script_name(english:"SuSE 11.3 Security Update : nagios-nrpe, nagios-nrpe-debuginfo, nagios-nrpe-debugsource, etc (SAT Patch Number 9204)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 11 host is missing one or more security updates."
      );
      # Per the vendor text, exposure depends on command arguments being
      # enabled in NRPE.
      script_set_attribute(
        attribute:"description", 
        value:
    "nagios-nrpe has been updated to prevent possible remote command
    execution when command arguments are enabled. This issue affects
    versions 2.15 and older.
    
    Further information is available at
    http://seclists.org/fulldisclosure/2014/Apr/240
    
    These security issues have been fixed :
    
      - Remote command execution (CVE-2014-2913)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=874743"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2014-2913.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply SAT patch number 9204.");
      # CVSSv2 base vector: network access, low complexity, no authentication,
      # partial confidentiality/integrity/availability impact.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      # Declared as a "local" plugin scoped to the SuSE 11 nagios-nrpe packages.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:nagios-nrpe");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:nagios-nrpe-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:nagios-plugins-nrpe");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/05/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/05/21");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      # Prerequisites: ssh_get_info.nasl must have run, and the KB must hold the
      # local-checks flag, the CPU type, the SuSE release and the RPM list.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    # Local package check for SAT patch 9204 on SuSE 11 SP3. Each gate hands a
    # failure to audit() (defined in audit.inc, not shown; used here as an early
    # exit).
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    # Only SLED 11 / SLES 11 releases are in scope.
    if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # The architecture gate admits i386-i686, x86_64 and s390x.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);
    
    # Patch level must be exactly 3 (service pack 3).
    pl = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, "SuSE 11.3");
    
    
    # One comparison per package and architecture; rpm_check() comes from
    # rpm.inc (not shown) - presumably true when the installed build is older
    # than the reference.
    # NOTE(review): s390x passes the architecture gate above, but every
    # comparison below names cpu:"i586" or cpu:"x86_64". If rpm_check() matches
    # on the cpu argument, an s390x host falls through to the "not affected"
    # audit without its packages being compared - confirm against rpm.inc.
    flag = 0;
    if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"nagios-nrpe-2.12-24.4.10.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"nagios-nrpe-doc-2.12-24.4.10.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"nagios-plugins-nrpe-2.12-24.4.10.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"nagios-nrpe-2.12-24.4.10.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"nagios-nrpe-doc-2.12-24.4.10.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"nagios-plugins-nrpe-2.12-24.4.10.1")) flag++;
    
    
    if (flag)
    {
      # Report on port 0; include the package detail when verbosity allows.
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    # A single "host not affected" audit covers both "patched" and "package not
    # installed"; the two cases are not told apart here.
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_NAGIOS-NRPE-140507.NASL
    description: nagios-nrpe has been updated to prevent possible remote command execution when command arguments are enabled. This issue affects versions 2.15 and older. Further information is available at http://seclists.org/fulldisclosure/2014/Apr/240 These security issues have been fixed: - Remote command execution (CVE-2014-2913)
    last seen: 2020-06-05
    modified: 2014-05-21
    plugin id: 74117
    published: 2014-05-21
    reporter: This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/74117
    title: SuSE 11.3 Security Update : nagios-nrpe, nagios-nrpe-debuginfo, nagios-nrpe-debugsource, etc (SAT Patch Number 9204)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from SuSE 11 update information. The text itself is
    # copyright (C) Novell, Inc.
    #
    
    include("compat.inc");
    
    # Registration branch: taken when `description` is set. It only declares the
    # plugin's metadata and ends with exit(0), so none of the check logic below
    # this block runs in that mode.
    if (description)
    {
      script_id(74117);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2014-2913");
    
      script_name(english:"SuSE 11.3 Security Update : nagios-nrpe, nagios-nrpe-debuginfo, nagios-nrpe-debugsource, etc (SAT Patch Number 9204)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 11 host is missing one or more security updates."
      );
      # Advisory text; per the file header it was extracted from the SuSE 11
      # update information.
      script_set_attribute(
        attribute:"description", 
        value:
    "nagios-nrpe has been updated to prevent possible remote command
    execution when command arguments are enabled. This issue affects
    versions 2.15 and older.
    
    Further information is available at
    http://seclists.org/fulldisclosure/2014/Apr/240
    
    These security issues have been fixed :
    
      - Remote command execution (CVE-2014-2913)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=874743"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2014-2913.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply SAT patch number 9204.");
      # CVSS v2 base vector: network, low complexity, no authentication, partial
      # confidentiality/integrity/availability impact.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      # "local": the result comes from the host's package data, not from a
      # network probe of the NRPE service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:nagios-nrpe");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:nagios-nrpe-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:nagios-plugins-nrpe");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/05/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/05/21");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      # The KB keys required here are the ones the check section reads;
      # presumably ssh_get_info.nasl is what populates them.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    # Preconditions for this local check. Each gate reads a knowledge-base (KB)
    # item and hands off to audit() when it is not satisfied.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    # The release string must start with SLED11 or SLES11.
    if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
    # Without the collected rpm list there is nothing to compare against.
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    # Accepted architectures: i386-i686, x86_64 and s390x.
    # NOTE(review): i386-i686 and x86_64 pass this gate, but every rpm_check()
    # below names cpu:"s390x"; presumably those hosts end at the final
    # "not affected" audit in this listing.
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);
    
    # Only service pack 3 is evaluated; any other patchlevel is audited out.
    pl = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, "SuSE 11.3");
    
    
    # Count the packages that rpm_check() reports against the updated build
    # 2.12-24.4.10.1.
    # NOTE(review): presumably rpm_check() is true when the installed package is
    # older than the reference - confirm against rpm.inc.
    # This is a package-version comparison only: nothing here reads the NRPE
    # configuration, so a finding says the update is missing, not that command
    # arguments are enabled on the host.
    flag = 0;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"nagios-nrpe-2.12-24.4.10.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"nagios-nrpe-doc-2.12-24.4.10.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"nagios-plugins-nrpe-2.12-24.4.10.1")) flag++;
    
    
    # Any hit produces a finding on port 0; the package details from
    # rpm_report_get() are attached only when report_verbosity is above 0.
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyMisc.
    NASL idNAGIOS_NRPE_COMMAND_ARGUMENT_PROCESSING.NASL
    descriptionThe version of Nagios Remote Plugin Executor (NRPE) running on the remote host has command argument processing enabled and accepts the newline character. An unauthenticated, remote attacker can exploit this issue to execute arbitrary commands within the context of the vulnerable application by appending those commands via a newline character in the '-a' option to libexec/check_nrpe.
    last seen2020-06-01
    modified2020-06-02
    plugin id73757
    published2014-04-29
    reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/73757
    titleNagios NRPE Command Argument Processing Enabled
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    # Registration branch: taken when `description` is set. It only declares the
    # plugin's metadata and ends with exit(0), so the probe below this block
    # does not run in that mode.
    if (description)
    {
      script_id(73757);
      script_version("1.6");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/12");
    
      # Cross-references: CVE, Bugtraq ID and the two Exploit-DB entries.
      script_cve_id("CVE-2014-2913");
      script_bugtraq_id(66969);
      script_xref(name:"EDB-ID", value:"32925");
      script_xref(name:"EDB-ID", value:"34461");
    
      script_name(english:"Nagios NRPE Command Argument Processing Enabled");
      script_summary(english:"Checks if the remote Nagios NRPE server allows command argument processing containing newline.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The monitoring service running on the remote host may be affected by
    an arbitrary command execution vulnerability.");
      script_set_attribute(attribute:"description", value:
    "The version of Nagios Remote Plugin Executor (NRPE) running on the
    remote host has command argument processing enabled and accepts the
    newline character. An unauthenticated, remote attacker can exploit
    this issue to execute arbitrary commands within the context of the
    vulnerable application by appending those commands via a newline
    character in the '-a' option to libexec/check_nrpe.");
      script_set_attribute(attribute:"see_also", value:"http://legalhackers.com/advisories/nagios-nrpe.txt");
      # https://packetstormsecurity.com/files/126211/Nagios-Remote-Plugin-Executor-2.15-Remote-Command-Execution.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?addc2ef6");
      # The remediation is a configuration change, not a package update.
      script_set_attribute(attribute:"solution", value:
    "Disable command argument processing in the NRPE configuration.");
      # CVSS v2 base vector: network, low complexity, no authentication, partial
      # confidentiality/integrity/availability impact.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/04/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/04/29");
    
      # "remote": the result comes from talking to the NRPE service over the
      # network rather than from the host's package list.
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:nagios:nagios");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Misc.");
    
      script_copyright(english:"This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.");
    
      # Presumably nagios_nrpe_detect.nasl registers the "nrpe" service and the
      # nrpe/<port>/Version KB item that the probe reads - confirm there.
      script_dependencies("nagios_nrpe_detect.nasl");
      script_require_ports("Services/nrpe");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("byte_func.inc");
    # crc_func.inc is required for crc32tab[] look up table below
    include("crc_func.inc");
    
    # Table-driven CRC-32 over every byte of `data`.
    # The running value starts at 0xFFFFFFFF, is updated one byte at a time via
    # the crc32tab[] lookup table (from crc_func.inc), and is XORed with
    # 0xFFFFFFFF before being returned.
    function calculate_crc32(data)
    {
      local_var acc, pos, total, slot;
      total = strlen(data);
      acc = 0xFFFFFFFF;
      pos = 0;
      while (pos < total)
      {
        # Low byte of (running value XOR input byte) selects the table entry.
        slot = (acc ^ ord(data[pos])) & 0xFF;
        acc = ((acc >>> 8) & 0x00FFFFFF) ^ crc32tab[slot];
        pos++;
      }
      return acc ^ 0xFFFFFFFF;
    }
    
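    # Remote probe: sends one NRPE query whose argument contains a newline and
    # reports a finding only if the daemon returns a well-formed, CRC-valid
    # response. The query is the _NRPE_CHECK command with the argument "nessus";
    # nothing beyond that single query is sent.
    port = get_service(svc:"nrpe", exit_on_fail:TRUE);
    
    appname = "Nagios NRPE";
    
    # Version recorded earlier in the KB; used only for reporting.
    version = get_kb_item_or_exit("nrpe/" + port + "/Version");
    
    s = open_sock_tcp(port);
    if (!s) audit(AUDIT_SOCK_FAIL, port,'TCP');
    
    set_byte_order(BYTE_ORDER_BIG_ENDIAN);
    
    # Request layout as assembled below:
    #   version (2) | type (2) | crc (4) | result code (2) | buffer (1024) | 2 bytes
    # The CRC field is zero while the checksum is computed, then filled in.
    packet_version = '\x00\x02';
    packet_type    = '\x00\x01';
    crc            = '\x00\x00\x00\x00';
    result_code    = mkbyte(rand() % 255) + mkbyte(rand() % 255);
    cmd            = '_NRPE_CHECK!nessus';
    # A newline directly after the argument, then NUL padding so that
    # cmd + buffer is exactly 1024 bytes.
    buffer = '\x0a';
    
    buffer += crap(data:'\x00', length: (1024 - strlen(cmd) - 1));
    
    random_buffer = mkbyte(rand() % 255) + mkbyte(rand() % 255);
    
    # First pass: packet with a zeroed CRC field, used as checksum input.
    pkt = packet_version + packet_type + crc + result_code + cmd + buffer + random_buffer;
    
    # Serialise the 32-bit checksum most-significant byte first.
    crc =  uint(calculate_crc32(data:pkt));
    crc =
      mkbyte(crc >> 24) +
      mkbyte(crc >> 16) +
      mkbyte(crc >> 8) +
      mkbyte(crc >> 0);
    
    # Second pass: same fields, now carrying the real checksum.
    pkt = packet_version + packet_type + crc + result_code + cmd + buffer + random_buffer;
    
    send(socket:s, data:pkt);
    
    # The response is read in three pieces: 10-byte header, 1024-byte buffer,
    # 2 trailing bytes.
    res = recv(socket:s, length:10, min:10);
    
    # when command argument processing is disabled, the server will not respond at all
    if (strlen(res) == 0)
    {
      close(s);
      audit(AUDIT_LISTEN_NOT_VULN, appname, port, version);
    }
    
    if (strlen(res) != 10)
    {
      close(s);
      exit(0, 'Unexpected response size for service on port ' + port + '.');
    }
    
    # Header fields by byte offset.
    recv_version     = substr(res, 0, 1);
    recv_pkt_type    = substr(res, 2, 3);
    recv_crc         = substr(res, 4, 7);
    recv_result_code = substr(res, 8, 9);
    
    if (recv_version  != '\x00\x02')
    {
      close(s);
      exit(0, 'Unrecognized protocol version for service on port ' + port + '.');
    }
    
    # The request above used type 00 01; the reply is expected to carry 00 02.
    if (recv_pkt_type != '\x00\x02')
    {
      close(s);
      exit(0, 'Unrecognized packet type for server on port ' + port + '.');
    }
    
    data = recv(socket:s, length:1024, min:1024);
    if (strlen(data) == 0)
    {
      close(s);
      audit(AUDIT_RESP_NOT, port);
    }
    
    # The reply buffer must mention "NRPE"; otherwise this is treated as some
    # other service. The socket is closed first, as on every other early exit
    # that happens while it is still open.
    if ("NRPE" >!< data)
    {
      close(s);
      audit(AUDIT_NOT_DETECT, appname, port);
    }
    
    if (strlen(data) != 1024)
    {
      close(s);
      exit(0, 'Unexpected response size for service on port ' + port + '.');
    }
    
    rand_bytes = recv(socket:s, length:2, min:2);
    
    # All reads are done; the remaining checks work on the buffered bytes.
    close(s);
    
    if (strlen(rand_bytes) == 0) audit(AUDIT_RESP_NOT, port);
    
    if (strlen(rand_bytes) != 2)
      exit(0, 'Unexpected response size for service on port ' + port + '.');
    
    # Rebuild the response with a zeroed CRC field and recompute the checksum,
    # so a corrupted or unrelated reply does not produce a finding.
    recv_pkt = recv_version + recv_pkt_type + '\x00\x00\x00\x00' +
               recv_result_code + data + rand_bytes;
    
    calculated_crc = uint(calculate_crc32(data:recv_pkt));
    calculated_crc =
      mkbyte(calculated_crc >> 24) +
      mkbyte(calculated_crc >> 16) +
      mkbyte(calculated_crc >> 8) +
      mkbyte(calculated_crc >> 0);
    
    if (recv_crc != calculated_crc)
      exit(0, 'CRC check failed for service on port ' + port + '.');
    
    # if we get a proper response, we are vuln
    # The finding means the daemon accepted an argument containing a newline,
    # i.e. command argument processing is enabled. The plugin's stated solution
    # is to disable command argument processing in the NRPE configuration.
    security_report_v4(
      port:port,
      severity:SECURITY_HOLE,
      extra:report_items_str(report_items:make_array(
        "Version", version,
        "NRPE command argument processing", "Enabled"
      ))
    );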
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2015-15398.NASL
    descriptionUse %configure macro as it deals with config.sub/guess and various flags properly ---- nrpe-2.15-6.el7 - Fix spec file for missing /usr/share/libtool/config/config.guess nrpe-2.15-6.el6 - Fix spec file for missing /usr/share/libtool/config/config.guess nrpe-2.15-6.fc23 - Fix spec file for missing /usr/share/libtool/config/config.guess nrpe-2.15-6.fc22 - Fix spec file for missing /usr/share/libtool/config/config.guess nrpe-2.15-6.fc21 - Fix spec file for missing /usr/share/libtool/config/config.guess Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2015-09-21
    plugin id86042
    published2015-09-21
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/86042
    titleFedora 23 : nrpe-2.15-7.fc23 (2015-15398)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2015-15398.
    #
    
    include("compat.inc");
    
    # Registration branch: taken when `description` is set. It only declares the
    # plugin's metadata and ends with exit(0), so none of the check logic below
    # this block runs in that mode.
    if (description)
    {
      script_id(86042);
      script_version("2.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2014-2913");
      script_xref(name:"FEDORA", value:"2015-15398");
    
      script_name(english:"Fedora 23 : nrpe-2.15-7.fc23 (2015-15398)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      # NOTE(review): the advisory text below speaks only of spec-file and
      # build fixes; in this block the tie to CVE-2014-2913 comes from
      # script_cve_id() above, not from the description.
      script_set_attribute(
        attribute:"description", 
        value:
    "Use %configure macro as it deals with config.sub/guess and various
    flags properly ---- nrpe-2.15-6.el7 - Fix spec file for missing
    /usr/share/libtool/config/config.guess nrpe-2.15-6.el6 - Fix spec file
    for missing /usr/share/libtool/config/config.guess nrpe-2.15-6.fc23 -
    Fix spec file for missing /usr/share/libtool/config/config.guess
    nrpe-2.15-6.fc22 - Fix spec file for missing
    /usr/share/libtool/config/config.guess nrpe-2.15-6.fc21 - Fix spec
    file for missing /usr/share/libtool/config/config.guess
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1089880"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1239738"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2015-September/166528.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?d1d81b43"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected nrpe package.");
      # CVSS v2 base vector: network, low complexity, no authentication, partial
      # confidentiality/integrity/availability impact.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      # "local": the result comes from the host's package data, not from a
      # network probe of the NRPE service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:nrpe");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:23");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2015/09/18");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/09/21");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      # Two of the three KB keys required here are read by the check section;
      # presumably ssh_get_info.nasl is what populates them.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Preconditions for this local check. Each gate reads a knowledge-base (KB)
    # item and hands off to audit() when it is not satisfied.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    # Pull the numeric release out of the string; only Fedora 23 is evaluated.
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^23([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 23.x", "Fedora " + os_ver);
    
    # Without the collected rpm list there is nothing to compare against.
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    # Accepted architectures: x86_64 and i386-i686.
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    # Single comparison against the updated build nrpe-2.15-7.fc23.
    # NOTE(review): presumably rpm_check() is true when the installed package is
    # older than the reference - confirm against rpm.inc.
    # This is a package-version comparison only: nothing here reads the NRPE
    # configuration, so a finding says the update is missing, not that command
    # arguments are enabled on the host.
    flag = 0;
    if (rpm_check(release:"FC23", reference:"nrpe-2.15-7.fc23")) flag++;
    
    
    # A hit produces a finding on port 0; the package details from
    # rpm_report_get() are attached only when report_verbosity is above 0.
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      # No hit: choose the audit by whether pkg_tests_get() returned anything,
      # "tested, not affected" if so and "nrpe not installed" otherwise.
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nrpe");
    }
    

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/128038/nrpe_215_rce_exploit.txt
idPACKETSTORM:128038
last seen2016-12-05
published2014-08-28
reporterDawid Golunski
sourcehttps://packetstormsecurity.com/files/128038/NRPE-2.15-Remote-Command-Execution.html
titleNRPE 2.15 Remote Command Execution

Seebug

bulletinFamilyexploit
descriptionNo description provided by source.
idSSV:87224
last seen2017-11-19
modified2014-09-04
published2014-09-04
reporterRoot
sourcehttps://www.seebug.org/vuldb/ssvid-87224
titleNRPE 2.15 - Remote Code Execution Vulnerability