Amazon Linux 1 Security Advisory: ALAS-2013-203
Advisory Release Date: 2013-06-20 14:14 Pacific
Advisory Updated Date: 2014-09-15 23:31 Pacific
Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plug-In Executor (NRPE) before 2.14 might allow remote attackers to execute arbitrary shell commands via "$()" shell metacharacters, which are processed by bash.
Affected Packages:
nrpe
Issue Correction:
Run yum update nrpe to update your system.
i686:
nagios-plugins-nrpe-2.14-3.5.amzn1.i686
nrpe-2.14-3.5.amzn1.i686
nrpe-debuginfo-2.14-3.5.amzn1.i686
src:
nrpe-2.14-3.5.amzn1.src
x86_64:
nagios-plugins-nrpe-2.14-3.5.amzn1.x86_64
nrpe-2.14-3.5.amzn1.x86_64
nrpe-debuginfo-2.14-3.5.amzn1.x86_64