GLSA Advocate
Joined: 12 May 2004 Posts: 2663
|
Posted: Sat Aug 30, 2014 3:26 am Post subject: [ GLSA 201408-18 ] NRPE: Multiple Vulnerabilities |
|
|
Gentoo Linux Security Advisory
Title: NRPE: Multiple Vulnerabilities (GLSA 201408-18)
Severity: normal
Exploitable: remote
Date: August 30, 2014
Bug(s): #397603, #459870, #508122
ID: 201408-18
Synopsis
Multiple vulnerabilities have been found in NRPE, the worst of
which can allow execution of arbitrary code.
Background
Nagios Remote Plugin Executor (NRPE) remotely executes Nagios plugins on
other Linux/Unix machines.
Affected Packages
Package: net-analyzer/nrpe
Vulnerable: < 2.15
Unaffected: >= 2.15
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in NRPE. Please review the
CVE identifiers referenced below for details.
Impact
A remote attacker can utilize multiple vectors to execute arbitrary
code.
Workaround
There is no known workaround at this time.
Resolution
All NRPE users should upgrade to the latest version: Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=net-analyzer/nrpe-2.15"
|
References
CVE-2013-1362
CVE-2014-2913 |
|