Описание
etc/initsystem/prepare-dirs in Icinga 2.x through 2.8.1 has a chown call for a filename in a user-writable directory, which allows local users to gain privileges by leveraging access to the $ICINGA2_USER account for creation of a link.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| icinga2 | fixed | 2.8.4-1 | package | |
| icinga2 | no-dsa | stretch | package | |
| icinga2 | no-dsa | jessie | package |
Примечания
https://github.com/Icinga/icinga2/issues/5793
Fixed by: https://github.com/Icinga/icinga2/commit/5aafc7eda5c1b026a993fc2782fa84b8f3e8e052 (v2.8.2)
CVE is for the unsafe use of chown(1)
EPSS
Связанные уязвимости
etc/initsystem/prepare-dirs in Icinga 2.x through 2.8.1 has a chown call for a filename in a user-writable directory, which allows local users to gain privileges by leveraging access to the $ICINGA2_USER account for creation of a link.
etc/initsystem/prepare-dirs in Icinga 2.x through 2.8.1 has a chown call for a filename in a user-writable directory, which allows local users to gain privileges by leveraging access to the $ICINGA2_USER account for creation of a link.
etc/initsystem/prepare-dirs in Icinga 2.x through 2.8.1 has a chown call for a filename in a user-writable directory, which allows local users to gain privileges by leveraging access to the $ICINGA2_USER account for creation of a link.
EPSS