This repository has been archived by the owner on Jan 15, 2019. It is now read-only.

[dev.icinga.com #13709] CVE-2016-9566: Root privilege escalation during log file opening #1586

Closed
icinga-migration opened this issue Dec 21, 2016 · 4 comments
Milestone

Comments

@icinga-migration

This issue has been migrated from Redmine: https://dev.icinga.com/issues/13709

Created by mfrosch on 2016-12-21 09:45:31 +00:00

Assignee: mfrosch
Status: Resolved (closed on 2016-12-21 10:03:08 +00:00)
Target Version: 1.14
Last Update: 2017-01-05 21:27:49 +00:00 (in Redmine)

Icinga Version: 1.13.0
OS Version: any

Clarification

This bug affects Icinga 1 only during opening of a debug log file. (On daemon startup)

Or when Icinga writes a startup error to log (logit).

Environment

During startup, Icinga can open a debug log file before dropping root privileges, and therefore it might write to a system file, following a symlink.

References

Changesets

2016-12-21 09:49:38 +00:00 by (unknown) 7c18062

Fix possible root privilege escalation during opening logs (CVE-2016-9566)

Backported change from Nagios Core.

Note: This bug affects Icinga 1.x only for opening a debug log.

https://legalhackers.com/advisories/Nagios-Exploit-Root-PrivEsc-CVE-2016-9566.html

Thanks to Dawid Golunski for raising awareness.

Thanks to John C. Frickson (Nagios) for fixing.

Signed-off-by: Markus Frosch <markus.frosch@icinga.com>

refs #13709

2016-12-21 09:49:53 +00:00 by mfrosch 166c742

base/icinga: Open debug log after dropping privileges

refs #13709

2016-12-21 10:01:53 +00:00 by (unknown) a0eb847

Fix possible root privilege escalation during opening logs (CVE-2016-9566)

Backported change from Nagios Core.

Note: This bug affects Icinga 1.x only for opening a debug log, or when
a config error gets logged on startup.

https://legalhackers.com/advisories/Nagios-Exploit-Root-PrivEsc-CVE-2016-9566.html

Thanks to Dawid Golunski for raising awareness.

Thanks to John C. Frickson (Nagios) for fixing.

Signed-off-by: Markus Frosch <markus.frosch@icinga.com>

refs #13709

2016-12-21 10:02:16 +00:00 by mfrosch e0f55bc

base/icinga: Open debug log after dropping privileges

refs #13709

2016-12-22 19:03:35 +00:00 by mfriedrich ce5e59c

Update AUTHORS

refs #13709
refs #13749

2016-12-22 19:44:43 +00:00 by (unknown) 17f7206

Fix possible root privilege escalation during opening logs (CVE-2016-9566)

Backported change from Nagios Core.

Note: This bug affects Icinga 1.x only for opening a debug log, or when
a config error gets logged on startup.

https://legalhackers.com/advisories/Nagios-Exploit-Root-PrivEsc-CVE-2016-9566.html

Thanks to Dawid Golunski for raising awareness.

Thanks to John C. Frickson (Nagios) for fixing.

Signed-off-by: Markus Frosch <markus.frosch@icinga.com>

refs #13709

2016-12-22 19:44:43 +00:00 by mfrosch 1b3507e

base/icinga: Open debug log after dropping privileges

refs #13709

2016-12-22 19:47:17 +00:00 by (unknown) f7f7e18

Fix possible root privilege escalation during opening logs (CVE-2016-9566)

Backported change from Nagios Core.

Note: This bug affects Icinga 1.x only for opening a debug log, or when
a config error gets logged on startup.

https://legalhackers.com/advisories/Nagios-Exploit-Root-PrivEsc-CVE-2016-9566.html

Thanks to Dawid Golunski for raising awareness.

Thanks to John C. Frickson (Nagios) for fixing.

Signed-off-by: Markus Frosch <markus.frosch@icinga.com>

refs #13709

2016-12-22 19:47:18 +00:00 by mfrosch 48ee4cc

base/icinga: Open debug log after dropping privileges

refs #13709

2016-12-22 19:49:29 +00:00 by (unknown) 320f886

Fix possible root privilege escalation during opening logs (CVE-2016-9566)

Backported change from Nagios Core.

Note: This bug affects Icinga 1.x only for opening a debug log, or when
a config error gets logged on startup.

https://legalhackers.com/advisories/Nagios-Exploit-Root-PrivEsc-CVE-2016-9566.html

Thanks to Dawid Golunski for raising awareness.

Thanks to John C. Frickson (Nagios) for fixing.

Signed-off-by: Markus Frosch <markus.frosch@icinga.com>

refs #13709

2016-12-22 19:49:30 +00:00 by mfrosch 5f510d5

base/icinga: Open debug log after dropping privileges

refs #13709
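The two mitigations the changesets above describe, opening the debug log only after dropping privileges and refusing to follow a symlink at the log path, as an added C example. This is not Icinga's or Nagios Core's code; the function names, the temporary directory under /tmp and the constructed files are assumptions made for the demonstration.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open (or create) a log file for appending without following a symlink
 * at the final path component. O_NOFOLLOW makes the kernel fail with
 * ELOOP instead of writing through a link planted by a local user.
 * Returns a file descriptor, or -1 with errno set. */
int open_log_nofollow(const char *path)
{
    return open(path, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW, 0640);
}

/* Give up root before touching any file the daemon user may control.
 * Group first, then user, then verify the change stuck: a failed
 * setuid() would otherwise leave the process running as root. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)
        return -1;
    if (getuid() != uid || geteuid() != uid)
        return -1;
    return 0;
}

/* Hardened startup order (hypothetical helper): drop privileges first,
 * then open the debug log. Returns the descriptor, or -1 on failure. */
int open_debug_log_unprivileged(const char *path, uid_t uid, gid_t gid)
{
    if (drop_privileges(uid, gid) != 0)
        return -1;
    return open_log_nofollow(path);
}

/* Self-check on constructed files in a temporary directory: a regular
 * log file must open, while a symlink pointing at another file must be
 * refused with ELOOP. Returns 1 when both hold, 0 otherwise. */
int demo_symlink_is_rejected(void)
{
    char dir[] = "/tmp/logcheckXXXXXX";   /* constructed scratch dir */
    char logfile[256], target[256], lnk[256];
    int ok = 0, fd;

    if (mkdtemp(dir) == NULL)
        return 0;
    snprintf(logfile, sizeof logfile, "%s/debug.log", dir);
    snprintf(target, sizeof target, "%s/victim.txt", dir);
    snprintf(lnk, sizeof lnk, "%s/planted.log", dir);

    /* Regular file: opens and is writable. */
    fd = open_log_nofollow(logfile);
    if (fd >= 0 && write(fd, "ok\n", 3) == 3) {
        close(fd);
        /* Symlink case: planted.log -> victim.txt must be refused. */
        fd = open(target, O_WRONLY | O_CREAT, 0640);
        if (fd >= 0) {
            close(fd);
            if (symlink(target, lnk) == 0) {
                errno = 0;
                fd = open_log_nofollow(lnk);
                if (fd < 0 && errno == ELOOP)
                    ok = 1;
                else if (fd >= 0)
                    close(fd);
            }
        }
    } else if (fd >= 0) {
        close(fd);
    }

    /* Remove the constructed files. */
    unlink(lnk);
    unlink(target);
    unlink(logfile);
    rmdir(dir);
    return ok;
}

int main(void)
{
    printf("symlink rejected: %s\n", demo_symlink_is_rejected() ? "yes" : "no");
    return 0;
}
```

O_NOFOLLOW only guards the last path component, so the log directory itself must not be writable by untrusted users; the ordering fix from the changesets (drop privileges before the first open) is what removes the root write primitive regardless of the path.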
@icinga-migration

Updated by mfrosch on 2016-12-21 09:48:32 +00:00

  • Description updated
  • Priority changed from Low to Normal

@icinga-migration

Updated by mfrosch on 2016-12-21 10:02:55 +00:00

  • Status changed from New to Assigned

@icinga-migration

Updated by mfrosch on 2016-12-21 10:03:08 +00:00

  • Status changed from Assigned to Resolved

Merged into master

@icinga-migration

Updated by mfriedrich on 2017-01-05 21:27:49 +00:00

http://seclists.org/oss-sec/2017/q1/17?utm_source=dlvr.it&utm_medium=twitter
