Mandriva Linux Security Advisory 2014-003 - Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plug-In Executor before 2.14 might allow remote attackers to execute arbitrary shell commands via $() shell metacharacters, which are processed by bash. The updated packages have been patched to correct this issue.
ae3af96c61f5cb0bcc8ef2cfd7bd0d9f0aa1fdf1facbc9382e974b70630cdf6e