An issue was discovered in Icinga 2.x through 2.8.1. By editing the init.conf file, Icinga 2 can be run as root. Following this the program can be used to run arbitrary code as root. This was fixed by no longer using init.conf to determine account information for any root-executed code (a larger issue than CVE-2017-16933).
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://github.com/Icinga/icinga2/pull/5850 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2018-02-27T19:00:00
Updated: 2024-08-05T06:10:10.143Z
Reserved: 2018-02-02T00:00:00
Link: CVE-2018-6533
Vulnrichment
No data.
NVD
Status : Modified
Published: 2018-02-27T19:29:00.450
Modified: 2024-11-21T04:10:51.017
Link: CVE-2018-6533
Redhat
No data.