Werk #16249: mk_informix: Follow up for Werk 16198

Komponente

Checks & agents

Titel

mk_informix: Follow up for Werk 16198

Datum

26.07.2024

Level

Kleine Änderung

Klasse

Sicherheitsfix

Kompatibilität

Kompatibel - benötigt kein manuelles Eingreifen

Checkmk versions & editions

2.4.0b1	Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)
2.3.0p12	Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)
2.2.0p32	Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)
2.1.0p47	Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)

Werk #16198 addressed potential priviledge escalation by the agent plugin mk_informix. However, a few callsites to the binaries dbaccess and onstat where missing the safe execution. Those binaries are now also called in a safe way.

Vulnerability Management:

We have rated the issue with a CVSS Score of 5.2 (Medium) with the following CVSS vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H and assigned CVE CVE-2024-28829.

Zur Liste aller Werks