Addressing security vulnerabilities
Andreas Ericsson
ae at op5.se
Wed Nov 28 12:36:27 CET 2012
On 11/27/2012 05:11 PM, Rudolph Pereira wrote:
> Hi all,
>
> I submitted http://tracker.nagios.org/view.php?id=400 a while ago and
> have had little to no response on it, even though it is a serious
> issue.
>
> I am looking for suggestions on how to deal with this; given the
> seriousness of the issue and how many users it affects I believe a
> security vulnerability notice should go out at the very least. Should
> I be working with ocert or some other intermediary on this?
>
Have you tested this exploit? It might be blocked by how NRPE handles
command line arguments.
One very simple way around it would otherwise be to disallow relative
paths to commands and use execve() to execute the checks. That way,
the plugin will get '$(lalafoo)' as an argument rather than the output
of that command.
--
Andreas Ericsson andreas.ericsson at op5.se
OP5 AB www.op5.se
Tel: +46 8-230225 Fax: +46 8-230231
Considering the successes of the wars on alcohol, poverty, drugs and
terror, I think we should give some serious thought to declaring war
on peace.
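The mitigation described above, as an added example in C that is not part of this thread or of NRPE's own code: the check is launched with fork() plus execve() and an explicit argv, so a `$(lalafoo)` argument reaches the plugin as literal bytes, while the contrast function hands the same command line to `/bin/sh -c`, where the shell performs the substitution first. The absolute-path check, `run_plugin`, `run_via_shell` and the `/bin/echo` stand-in plugin are assumptions of this example, not anything from NRPE.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Accept only absolute paths with no ".." component. Assumption for this
 * example: a real daemon would additionally pin plugins under one directory
 * and verify ownership and permissions. */
int is_allowed_plugin_path(const char *path)
{
    const char *p = path;
    if (path == NULL || path[0] != '/')
        return 0;
    while (*p != '\0') {
        const char *end = strchr(p, '/');
        size_t len = end ? (size_t)(end - p) : strlen(p);
        if (len == 2 && p[0] == '.' && p[1] == '.')
            return 0;
        p += len;
        if (*p == '/')
            p++;
    }
    return 1;
}

/* Fork, pipe the child's stdout back, and execve() `path` with `argv`.
 * No shell is involved, so "$(...)" or backticks in argv are never
 * expanded. Returns the child's exit status (-1 on error) and stores the
 * output, with one trailing newline removed, in `out`. */
int run_plugin(const char *path, char *const argv[], char *out, size_t outlen)
{
    int fds[2], status;
    pid_t pid;
    ssize_t n;
    size_t total = 0;
    char scratch[256];
    char *const envp[] = { NULL };        /* minimal environment for the plugin */

    if (!is_allowed_plugin_path(path) || pipe(fds) != 0)
        return -1;
    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        dup2(fds[1], STDOUT_FILENO);
        close(fds[0]);
        close(fds[1]);
        execve(path, argv, envp);
        _exit(127);                        /* only reached if execve() fails */
    }
    close(fds[1]);
    while (total < outlen - 1 &&
           (n = read(fds[0], out + total, outlen - 1 - total)) > 0)
        total += (size_t)n;
    out[total] = '\0';
    if (total > 0 && out[total - 1] == '\n')
        out[total - 1] = '\0';
    while (read(fds[0], scratch, sizeof scratch) > 0)
        ;                                  /* drain so the child never blocks */
    close(fds[0]);
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Contrast case: the same command line via /bin/sh -c. The shell expands
 * "$(lalafoo)" before the plugin runs; since no such command exists, the
 * plugin receives an empty argument instead of the literal text. */
int run_via_shell(const char *cmdline, char *out, size_t outlen)
{
    char *const argv[] = { "sh", "-c", (char *)cmdline, NULL };
    return run_plugin("/bin/sh", argv, out, outlen);
}

int main(void)
{
    char out[256];
    /* /bin/echo stands in for a check plugin; it just reports its argv. */
    char *const argv[] = { "echo", "$(lalafoo)", NULL };
    int rc = run_plugin("/bin/echo", argv, out, sizeof out);
    printf("execve : rc=%d plugin saw \"%s\"\n", rc, out);
    rc = run_via_shell("/bin/echo $(lalafoo)", out, sizeof out);
    printf("sh -c  : rc=%d plugin saw \"%s\"\n", rc, out);
    return 0;
}
```

With execve() the plugin prints `$(lalafoo)` verbatim; through `sh -c` it prints an empty line, which is the substitution the reply warns about. Rejecting relative paths matters for the same reason: without it, the "plugin" to exec could be resolved through whatever PATH or working directory the daemon happens to have.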