nrpe allows the passing of $() as command arguments to execute shell commands

Bug #1153638 reported by Christian Gruen
This bug affects 3 people
Affects | Status | Importance | Assigned to | Milestone
nagios-nrpe (Debian) | Fix Released | Unknown | |
nagios-nrpe (Ubuntu) | Fix Released | Low | Unassigned |
Lucid | Won't Fix | Low | Unassigned |
Oneiric | Won't Fix | Low | Unassigned |
Precise | Won't Fix | Low | Unassigned |
Quantal | Won't Fix | Low | Unassigned |
Raring | Won't Fix | Low | Unassigned |

Bug Description

See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701227.

Fixed in Debian already. Hope that patched Ubuntu packages will be released very soon.

Marc Deslauriers (mdeslaur) wrote :

Since this issue has been rated as having a "low" priority, it will only get fixed when a more important security issue comes up.

Tracked here:
http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-1362.html

information type: Private Security → Public Security
Changed in nagios-nrpe (Ubuntu Lucid):
status: New → Confirmed
Changed in nagios-nrpe (Ubuntu Oneiric):
status: New → Confirmed
Changed in nagios-nrpe (Ubuntu Precise):
status: New → Confirmed
Changed in nagios-nrpe (Ubuntu Raring):
status: New → Confirmed
Changed in nagios-nrpe (Ubuntu Quantal):
status: New → Confirmed
Changed in nagios-nrpe (Ubuntu Oneiric):
importance: Undecided → Low
Changed in nagios-nrpe (Ubuntu Precise):
importance: Undecided → Low
Changed in nagios-nrpe (Ubuntu Quantal):
importance: Undecided → Low
Changed in nagios-nrpe (Ubuntu Raring):
importance: Undecided → Low
Changed in nagios-nrpe (Ubuntu Lucid):
importance: Undecided → Low
Changed in nagios-nrpe (Debian):
status: Unknown → Fix Released
Jamie Strandboge (jdstrand) wrote :

Thank you for reporting this bug to Ubuntu. oneiric has reached EOL
(End of Life) for this package and is no longer supported. As
a result, this bug against oneiric is being marked "Won't Fix".
Please see https://wiki.ubuntu.com/Releases for currently
supported Ubuntu releases.

Please feel free to report any other bugs you may find.

Changed in nagios-nrpe (Ubuntu Oneiric):
status: Confirmed → Won't Fix
Simon Déziel (sdeziel) wrote :

Marking as "Fix Released" since Trusty now has 2.15 and the issue was fixed upstream in 2.14.

Changed in nagios-nrpe (Ubuntu):
status: Confirmed → Fix Released
Changed in nagios-nrpe (Ubuntu Raring):
status: Confirmed → Won't Fix
Changed in nagios-nrpe (Ubuntu Quantal):
status: Confirmed → Won't Fix
Rolf Leggewie (r0lf) wrote :

lucid has seen the end of its life and is no longer receiving any updates. Marking the lucid task for this ticket as "Won't Fix".

Changed in nagios-nrpe (Ubuntu Lucid):
status: Confirmed → Won't Fix
Steve Langasek (vorlon) wrote :

The Precise Pangolin has reached end of life, so this bug will not be fixed for that release.

Changed in nagios-nrpe (Ubuntu Precise):
status: Confirmed → Won't Fix
This report contains Public Security information  
Everyone can see this security related information.