Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 18 Apr 2014 10:16:14 +0400
Subject: Re: CVE Request: Nagios Remote Plugin Executor <= 2.15 Remote Command Execution

On 18-Apr-2014 10:14:16 +0800, Eduardo Tongson wrote:

 > Details:
 > Fix:

 > --- nrpe/src/nrpe.c
 > +++ nrpe/src/nrpe.c
 > -#define NASTY_METACHARS         "|`&><'\"\\[]{};"
 > +#define NASTY_METACHARS         "|`&><'\"\\[]{};\n"

Adding \r here may be a good idea as well...

Alexey V. Vissarionov aka Gremlin from Kremlin <gremlin ПРИ gremlin ТЧК ru>
GPG: 8832FE9FA791F7968AC96E4E909DAC45EF3B1FA8 @ hkp://

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ