Date: Fri, 18 Apr 2014 10:16:14 +0400
From: gremlin@...mlin.ru
To: oss-security@...ts.openwall.com
Subject: Re: CVE Request: Nagios Remote Plugin Executor <= 2.15 Remote Command Execution

On 18-Apr-2014 10:14:16 +0800, Eduardo Tongson wrote:

 > Details: http://seclists.org/fulldisclosure/2014/Apr/240
 > Fix:

 > --- nrpe/src/nrpe.c
 > +++ nrpe/src/nrpe.c
 > -#define NASTY_METACHARS         "|`&><'\"\\[]{};"
 > +#define NASTY_METACHARS         "|`&><'\"\\[]{};\n"
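
Review bot: the "\n" appended to NASTY_METACHARS on the + line adds one more character to a denylist, so any control or shell-significant character that is not in the string is still accepted, and the define has no comment saying why newline counts as a metacharacter. Consider validating arguments against an allowlist of permitted characters instead of growing this string, or at least rejecting all control characters in a single check, and add a short comment on the define recording why newline is included.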

Adding \r here may be a good idea as well...


-- 
Alexey V. Vissarionov aka Gremlin from Kremlin <gremlin  gremlin  ru>
GPG: 8832FE9FA791F7968AC96E4E909DAC45EF3B1FA8 @ hkp://keys.gnupg.net
