VDB

GCVE-110-MAGEIA-2020-247

GCVE-110-MAGEIA-2020-247
Advisory Published
Vulnetix · Advisory published June 10, 2020
Updated nrpe packages fix security vulnerabilities: Nagios NRPE 3.2.1 has Insufficient Filtering because, for example, nasty_metachars interprets \n as the character \ and the character n (not as the \n newline sequence). This can cause command injection (CVE-2020-6581). Nagios NRPE 3.2.1 has a Heap-Based Buffer Overflow, as demonstrated by interpretation of a small negative number as a large positive number during a bzero call (CVE-2020-6582).

Affected Products

VendorProductVersionsPlatforms
Mageiaxfsprogs0 (affected), 5.10.0-1.mga7 (unaffected)
Mageiainih0 (affected), 52-1.mga7 (unaffected)
Mageianrpe3.2.1-3.2.mga7 (unaffected), 0 (affected), 3.2.1-3.2.mga7 (unaffected), 0 (affected)

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›