An issue was discovered in Icinga 2.x through 2.8.1. By editing the init.conf file, Icinga 2 can be run as root. Following this the program can be used to run arbitrary code as root. This was fixed by no longer using init.conf to determine account information for any root-executed code (a larger issue than CVE-2017-16933).
References
Link | Resource |
---|---|
https://github.com/Icinga/icinga2/pull/5850 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2018-02-27T19:00:00
Updated: 2018-03-01T14:57:01
Reserved: 2018-02-02T00:00:00
Link: CVE-2018-6533
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-02-27T19:29:00.450
Modified: 2019-10-03T00:03:26.223
Link: CVE-2018-6533
JSON object: View
Redhat Information
No data.
CWE