Hi,
I've seen a bunch of scans for this exploit across my hosts, and
have already heard of some hosts compromised by it:
http://seclists.org/fulldisclosure/2014/Apr/240
So if you run Nagios NRPE, please make sure to:
- Firewall it off appropriately
- Use its config options for restricting who can talk to it
- Disable client specification of command arguments if possible
- Upgrade to a fixed version
Cheers,
Andy
--
http://bitfolk.com/ -- No-nonsense VPS hosting
_______________________________________________
announce mailing list
announce(a)lists.bitfolk.com
https://lists.bitfolk.com/mailman/listinfo/announce