CVE-2023-37154:

check_by_ssh in Nagios nagios-plugins 2.4.5 allows arbitrary command execution
via ProxyCommand, LocalCommand, and PermitLocalCommand with \${IFS}. This has
been categorized both as fixed in e8810de, and as intended behavior.

Refer:
https://nvd.nist.gov/vuln/detail/CVE-2023-37154

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>

recipes-extended/nagios/nagios-plugins/CVE-2023-37154.patch

@@ -0,0 +1,69 @@
+From 7f07a9e89373d5906c2b6a9eee0e74cf69f302c1 Mon Sep 17 00:00:00 2001
+From: Sebastian Wolf <swolf@nagios.com>
+Date: Wed, 31 May 2023 16:43:54 -0400
+Subject: [PATCH] check_by_ssh: Prevent users from using several SSH options
+ which run local commands.
+
+CVE: CVE-2023-37154
+Upstream-Status: Backport [https://github.com/nagios-plugins/nagios-plugins/commit/e8810de21be80148562b7e0168b0a62aeedffde6]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ configure.ac           | 10 ++++++++++
+ plugins/check_by_ssh.c | 12 +++++++++++-
+ 2 files changed, 21 insertions(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index 963514a..236d233 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -418,6 +418,16 @@ then
+ 		[path and arguments for invoking 'who'])
+ fi
+ 
++AC_ARG_WITH(unrestricted_ssh_options,
++	[AS_HELP_STRING([--with-unrestricted-ssh-options],
++		[allow any SSH options to be used with check_by_ssh])],
++	[],
++	[unrestricted_ssh_options=no])
++
++if test "x$with_unrestricted_ssh_options" = xyes ; then
++	AC_DEFINE(HAVE_UNRESTRICTED_SSH_OPTIONS,[1],[Allow SSH to use options that run local commands.])
++fi
++
+ AC_ARG_WITH([ipv6],
+ 	[AS_HELP_STRING([--with-ipv6], [support IPv6 @<:@default=check@:>@])],
+ 	[], [with_ipv6=check])
+diff --git a/plugins/check_by_ssh.c b/plugins/check_by_ssh.c
+index b6f3130..6cc6c7a 100644
+--- a/plugins/check_by_ssh.c
++++ b/plugins/check_by_ssh.c
+@@ -27,7 +27,7 @@
+ *****************************************************************************/
+ 
+ const char *progname = "check_by_ssh";
+-const char *copyright = "2000-2014";
++const char *copyright = "2000-";
+ const char *email = "devel@nagios-plugins.org";
+ 
+ #include "common.h"
+@@ -299,6 +299,16 @@ process_arguments (int argc, char **argv)
+ 				skip_stderr = atoi (optarg);
+ 			break;
+ 		case 'o':									/* Extra options for the ssh command */
++
++			/* Don't allow the user to run commands local to the nagios server, unless they decide otherwise at compile time. */
++#ifndef HAVE_UNRESTRICTED_SSH_OPTIONS
++			if (   strcasestr(optarg, "ProxyCommand") != NULL
++				|| strcasestr(optarg, "PermitLocalCommand") != NULL
++				|| strcasestr(optarg, "LocalCommand") != NULL) {
++				break;
++			}
++#endif
++
+ 			comm_append("-o");
+ 			comm_append(optarg);
+ 			break;
+-- 
+2.23.0
+

recipes-extended/nagios/nagios-plugins_2.2.1.bb

@@ -9,6 +9,7 @@ LICENSE = "GPL-3.0-only"
 LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
 
 SRC_URI = "https://www.nagios-plugins.org/download/${BPN}-${PV}.tar.gz \
+           file://CVE-2023-37154.patch \
 "
 
 SRC_URI[md5sum] = "fb521d5c05897f165b0b1862c1e5cb27"