On Sat, 23 Apr 2016, Jan Tomasek wrote: > Hi, > > I'm another one who spend some time examining why after upgrade is nrpe > not working. > > I've read whole thread about this Bug#756479 and can't find any > reference to description how to to exploit nagios-nrpe-server with > > dont_blame_nrpe=0 > allow_bash_command_substitution=0 > > I've been searching form CVE at > https://www.cvedetails.com/vulnerability-list/vendor_id-1424/Nagios.html > and only relevant is https://www.cvedetails.com/cve/CVE-2014-2913/ > > but again no way how to exploit when this functionality is disabled - > which is by default in config file. I would prefer to have back package > which do not require recompiling. > > Please take this mail as another voice for returning functionality back > into Debian package. And just to say it again, the package is orphaned. Anyone is free to bring it back.
Alex
