Werk #14087: Fix privilege escalation vulnerability

Component Checks & agents
Title Fix privilege escalation vulnerability
Date May 12, 2022
Level Prominent Change
Class Security Fix
Compatibility Compatible - no manual interaction needed
Checkmk versions & editions
2.2.0b1 (Not yet released) Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)
2.1.0b9 Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)
2.0.0p25 Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)
1.6.0p29 Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)

Prior to this Werk, an attacker who could become a site user could replace the site's bin/unixcat with a custom executable. The Checkmk agent would then run it as root.

With this Werk, the agent now always calls one of the shipped unixcat executables below /omd/versions/.

All maintained versions (>=1.6) are subject to this vulnerability. It is likely that previous versions were also vulnerable.

To check for possible exploitation, make sure that the site's directory ~MySite/bin points to /omd/versions/MySitesVersion/bin.
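The check above as a script, added here as an example and not part of Checkmk's own tooling. The function name, its arguments and the output messages are hypothetical; it assumes GNU `readlink -f` is available and that the site home directories (such as ~MySite) are passed as arguments.

```shell
#!/bin/sh
# Added example; check_site_bin and its messages are hypothetical names.
# Usage: check_site_bin SITE_HOME [VERSIONS_ROOT] [EXPECTED_VERSION]
# Returns 0 only if SITE_HOME/bin is a symlink that resolves to
# VERSIONS_ROOT/<version>/bin (and <version> equals EXPECTED_VERSION if given).
check_site_bin() {
    site_home=$1
    versions_root=${2:-/omd/versions}
    expected=${3:-}
    bin=$site_home/bin

    # A real directory or file here is site-owned content, not the shipped bin.
    if [ ! -L "$bin" ]; then
        echo "SUSPECT: $bin is not a symlink"
        return 1
    fi

    # Resolve both sides fully so chained or relative links cannot hide the target.
    resolved=$(readlink -f "$bin") || return 1
    root=$(readlink -f "$versions_root") || return 1

    case $resolved in
        "$root"/*/bin) version=${resolved#"$root"/}; version=${version%/bin} ;;
        *) echo "SUSPECT: $bin -> $resolved (outside $root)"; return 1 ;;
    esac

    # Exactly one path component (the version name) may sit between root and /bin.
    case $version in
        */*) echo "SUSPECT: $bin -> $resolved (unexpected depth)"; return 1 ;;
    esac

    if [ -n "$expected" ] && [ "$version" != "$expected" ]; then
        echo "SUSPECT: $bin -> version $version, expected $expected"
        return 1
    fi
    echo "OK: $bin -> $resolved"
}

# Check every site home directory passed on the command line.
status=0
for home in "$@"; do
    check_site_bin "$home" || status=1
done
[ "$status" -eq 0 ]
```

A SUSPECT result only says the link does not match the expected layout; what the replaced bin/unixcat actually contains still has to be examined separately.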

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 8.8

We assigned CVE-2022-43440 to this vulnerability.

We thank Jan-Philipp Litza (PLUTEX GmbH) for bringing this to our attention.
