Werk #13902: Secure path for OMD hooks

Component Site management
Title Secure path for OMD hooks
Date May 9, 2022
Level Trivial Change
Class Security Fix
Compatibility Compatible - no manual interaction needed
Checkmk versions & editions
2.2.0b1 (Not yet released) Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)
2.1.0 Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)
2.0.0p25 Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)
1.6.0p29 Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)

OMD executes several hooks to determine configuration options (e.g. which port to use for the site Apache). These hooks are version-dependent, so OMD executed them via a symlink in the site to get the hooks matching the site's version.

The symlinks belong to the site user so that the site user can update the version. Since an OMD status executes those hooks as root, a site user could create a malicious hook and execute code as root.
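As an added example (not Checkmk's code or its fix), the check below audits a path that root is about to execute and reports every named component, including symlinks and their immediate targets, that an untrusted user owns or can write to. The directory layout, the hook name EXAMPLE_HOOK and the function names are assumptions made for the demonstration.

```python
import os
import stat
import tempfile
from pathlib import Path


def audit_exec_path(base, rel, trusted_uids=frozenset({0})):
    """Return (path, reason) for each component of base/rel that a user
    outside trusted_uids could replace; an empty list means none found."""
    findings = []
    paths = [Path(base)]
    for part in Path(rel).parts:
        paths.append(paths[-1] / part)
    for current in paths:
        link = os.lstat(current)  # the entry itself, a final symlink is not followed
        checks = [("entry", link)]
        if stat.S_ISLNK(link.st_mode):
            checks = [("symlink", link), ("symlink target", os.stat(current))]
        for kind, st in checks:
            if st.st_uid not in trusted_uids:
                findings.append((str(current), f"{kind} owned by uid {st.st_uid}"))
            # Mode bits on a symlink carry no meaning; test real entries only.
            elif kind != "symlink" and st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                findings.append((str(current), f"{kind} writable by group or others"))
    return findings


def build_demo_tree(root):
    """Constructed layout: site/version -> ../versions/1.0, with a hook below it."""
    hooks = Path(root, "versions", "1.0", "hooks")
    hooks.mkdir(parents=True)
    site = Path(root, "site")
    site.mkdir()
    hook = hooks / "EXAMPLE_HOOK"
    hook.write_text("#!/bin/sh\necho 5000\n")
    os.symlink("../versions/1.0", site / "version")
    # Fix the modes explicitly so the result does not depend on the umask.
    for p in (Path(root), site, hooks.parent.parent, hooks.parent, hooks, hook):
        os.chmod(p, 0o755)
    return "site/version/hooks/EXAMPLE_HOOK"


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        rel = build_demo_tree(tmp)
        me = os.getuid()
        print("owner trusted:  ", audit_exec_path(tmp, rel, {me}))
        print("owner untrusted:", audit_exec_path(tmp, rel, {me + 1}))
```

With the default `trusted_uids` of `{0}`, a symlink owned by a site user is reported before anything behind it is run as root.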

All maintained versions (>=1.6) are subject to this vulnerability. It is likely that earlier versions were also vulnerable.

The CVE is CVE-2022-31258. CVSS 3.1 score: 8.2 (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).

We thank Timo Klecker for reporting this issue!
