Werk #15423: Linux agent: Handle failing symmetric encryption

Komponente

Checks & agents

Titel

Linux agent: Handle failing symmetric encryption

Datum

31.03.2023

Level

Kleine Änderung

Klasse

Sicherheitsfix

Kompatibilität

Kompatibel - benötigt kein manuelles Eingreifen

Checkmk versions & editions

2.3.0b1	Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)
2.2.0b3	Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)
2.1.0p26	Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)
2.0.0p35	Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)

Prior to this Werk the symmetric encryption of agent data (if configured) would fail silently if the option "Run agent as non-root user (Linux)" was also set, since these two options are not compatible. As a result, agent output would be sent unencrypted.

If symmetric encryption is configured, but failing, the agent will now abort immediately and transmit a message about the failure as the only output.
This will then be reported at the Check_MK Agent service of the host, alongside a CRIT status.

Affected Versions: * 2.2.0 (beta) * 2.1.0 * 2.0.0 * 1.6.0 (EOL)

Vulnerability Management: We have rated the issue with a CVSS Score of 3.7 (Low) with the following CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N. We have assigned CVE CVE-2023-1768.

Zur Liste aller Werks