Werk #14087: Fix privilege escalation vulnerability
Komponente | Checks & agents | ||||||||
Titel | Fix privilege escalation vulnerability | ||||||||
Datum | 12.05.2022 | ||||||||
Level | Bedeutende Änderung | ||||||||
Klasse | Sicherheitsfix | ||||||||
Kompatibilität | Kompatibel - benötigt kein manuelles Eingreifen | ||||||||
Checkmk versions & editions |
|
Previously to this Werk an attacker who could become a site user could replace the sites bin/unixcat by a custom executable. The Checkmk agent would then run it as root.
With this Werk the agent now always calls one of the shipped unixcats below /omd/versions/.
All maintained versions (>=1.6) are subject to this vulnerability. It is likely that also previous versions were vulnerable.
To check against possible exploitation make sure that the sites directory ~MySite/bin points to /omd/versions/MySitesVersion/bin.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 8.8
We assigned CVE-2022-43440 to this vulnerability.
We thank Jan-Philipp Litza (PLUTEX GmbH) for bringing this to our attention.