Werk #16226: Privilege escalation in Agent

Komponente Checks & agents
Titel Privilege escalation in Agent
Datum 07.12.2023
Level Bedeutende Änderung
Klasse Sicherheitsfix
Kompatibilität Kompatibel - benötigt kein manuelles Eingreifen
Checkmk versions & editions
2.3.0b1 Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)
2.2.0p17 Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)

In order to monitor livestatus from running sites on a host the Checkmk agent uses unixcat that is part of Checkmk. Since the binary is linked to libraries that are also part of Checkmk and may differ from the libraries of the operating system calling unixcat outside of the scope of a site could result to errors due to version mismatches in these libraries. To use the correct libraries in Checkmk 2.2.0p10 a fix was introduced to add the libraries from the site to the call in the agent. Since the lib folder within a site is writable by the site a rogue site could inject malicious libraries into the unixcat call from the agent that is executed as root leading to a privilege escalation.

We thank Jan-Philipp Litza for reporting this issue.

Affected Versions: * since 2.2.0p10

Vulnerability Management: We have rated the issue with a CVSS Score of 8.8 (High) with the following CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H. We assigned CVE-2023-31210 to this vulnerability.

Changes: This Werk changes the library path from the site to the version files, which are only root-writable.

Zur Liste aller Werks