Re: [uknof] Very weird server process, hacked? /tmp/w00t /tmp/lllll /tmp/toplel

[Paul Mansfield]

ooks like you've been hit by the nagios nrpe vulnerability:
http://seclists.org/fulldisclosure/2014/Apr/240

basically it's possible to feed NRPE with additional commands because
NRPE doesn't block newlines when it cleans up input.