This repository has been archived by the owner on Jan 15, 2019. It is now read-only.
Fix possible root privilege escalation during opening logs (CVE-2016-9566)
Backported change from Nagios Core.
Note: This bug affects Icinga 1.x only for opening a debug log.
https://legalhackers.com/advisories/Nagios-Exploit-Root-PrivEsc-CVE-2016-9566.html
Thanks to Dawid Golunski for raising awareness.
Thanks to John C. Frickson (Nagios) for fixing.
Signed-off-by: Markus Frosch <markus.frosch@icinga.com>
refs #13709
Fix possible root privilege escalation during opening logs (CVE-2016-9566)
Backported change from Nagios Core.
Note: This bug affects Icinga 1.x only for opening a debug log, or when
a config error gets logged on startup.
https://legalhackers.com/advisories/Nagios-Exploit-Root-PrivEsc-CVE-2016-9566.html
Thanks to Dawid Golunski for raising awareness.
Thanks to John C. Frickson (Nagios) for fixing.
Signed-off-by: Markus Frosch <markus.frosch@icinga.com>
refs #13709
This issue has been migrated from Redmine: https://dev.icinga.com/issues/13709
Created by mfrosch on 2016-12-21 09:45:31 +00:00
Assignee: mfrosch
Status: Resolved (closed on 2016-12-21 10:03:08 +00:00)
Target Version: 1.14
Last Update: 2017-01-05 21:27:49 +00:00 (in Redmine)
Clarification
This bug affects Icinga 1 only during opening of a debug log file (on daemon startup), or when Icinga writes a startup error to the log (logit).
Environment
During startup, Icinga can open a debug log file before dropping root privileges. Therefore it might write to a system file, following a symlink.
References
Changesets
2016-12-21 09:49:38 +00:00 by (unknown) 7c18062
2016-12-21 09:49:53 +00:00 by mfrosch 166c742
2016-12-21 10:01:53 +00:00 by (unknown) a0eb847
2016-12-21 10:02:16 +00:00 by mfrosch e0f55bc
2016-12-22 19:03:35 +00:00 by mfriedrich ce5e59c
2016-12-22 19:44:43 +00:00 by (unknown) 17f7206
2016-12-22 19:44:43 +00:00 by mfrosch 1b3507e
2016-12-22 19:47:17 +00:00 by (unknown) f7f7e18
2016-12-22 19:47:18 +00:00 by mfrosch 48ee4cc
2016-12-22 19:49:29 +00:00 by (unknown) 320f886
2016-12-22 19:49:30 +00:00 by mfrosch 5f510d5
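The Environment note above describes a log file being opened while the daemon still has root privileges, so a symlink planted at the log path redirects the write. As an added example (not code from Icinga, Nagios Core or the changesets listed here), the following C program shows one general way to harden such an open on Linux: refuse symlinks with `O_NOFOLLOW`, then verify the opened object with `fstat`. The names `open_log_nofollow` and `run_demo` and the temporary paths are assumptions made for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: returns an fd opened for append, or -1 with errno set. */
int open_log_nofollow(const char *path)
{
    struct stat st;
    /* O_NOFOLLOW: open() fails (ELOOP on Linux) if the last path component is a symlink. */
    int fd = open(path, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW | O_CLOEXEC, 0600);
    if (fd < 0)
        return -1;
    /* Inspect the object actually opened (fstat on the fd, not stat on the path):
       accept only a regular file that has no additional hard links. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd;
}

/* Constructed scenario in a private temp dir; returns 0 when all three cases behave as expected. */
int run_demo(void)
{
    char dir[] = "/tmp/logdemoXXXXXX", sys[128], lnk[128], hard[128], ok[128];
    int fd, bad = 0;
    if (!mkdtemp(dir)) return -1;
    snprintf(sys, sizeof sys, "%s/system_file", dir);  /* stands in for a sensitive file */
    snprintf(lnk, sizeof lnk, "%s/debug.log", dir);    /* symlink planted at the log path */
    snprintf(hard, sizeof hard, "%s/hard.log", dir);   /* hard link planted at a log path */
    snprintf(ok, sizeof ok, "%s/fresh.log", dir);      /* legitimate, not yet existing log */
    fd = open(sys, O_WRONLY | O_CREAT, 0600);
    if (fd < 0 || symlink(sys, lnk) != 0 || link(sys, hard) != 0) return -1;
    close(fd);
    if (open_log_nofollow(lnk) >= 0 || errno != ELOOP) bad |= 1;   /* symlink refused */
    if (open_log_nofollow(hard) >= 0 || errno != EPERM) bad |= 2;  /* hard link refused */
    fd = open_log_nofollow(ok);
    if (fd < 0) bad |= 4; else close(fd);                          /* normal file accepted */
    unlink(lnk); unlink(hard); unlink(ok); unlink(sys); rmdir(dir);
    return bad;
}

int main(void) { int rc = run_demo(); printf("run_demo() = %d\n", rc); return rc != 0; }
```

`O_NOFOLLOW` only protects the final path component, so the log directory itself should not be writable by the unprivileged account either.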