search

Icinga / icinga-core

Icinga 1.x, the old core (EOL 31.12.2018)
GNU General Public License v2.0
45 stars 27 forks source link

[dev.icinga.com #13709] CVE-2016-9566: Root priviledge escalation during log file opening #1586

Closed icinga-migration closed 7 years ago

icinga-migration commented 7 years ago

This issue has been migrated from Redmine: https://dev.icinga.com/issues/13709

Created by mfrosch on 2016-12-21 09:45:31 +00:00

Assignee: mfrosch Status: Resolved (closed on 2016-12-21 10:03:08 +00:00) Target Version: 1.14 Last Update: 2017-01-05 21:27:49 +00:00 (in Redmine)

Icinga Version: 1.13.0
OS Version: any

Clarification

This bug affects Icinga 1 only during opening of a debug log file. (On daemon startup)

Or when Icinga writes a startup error to log (logit).

Environment

During startup, Icinga can open a debug log file, before dropping root privileges. And therefor it might write to a system file, following a symlink.

References

Changesets

2016-12-21 09:49:38 +00:00 by (unknown) 7c18062c7b439fc3ca1f5c1c724430b1fc6b674d

Fix possible root privilege escalation during opening logs (CVE-2016-9566)

Backported change from Nagios Core.

Note: This bug affects Icinga 1.x only for opening a debug log.

https://legalhackers.com/advisories/Nagios-Exploit-Root-PrivEsc-CVE-2016-9566.html

Thanks to Dawid Golunski for raising awareness.

Thanks to John C. Frickson (Nagios) for fixing.

Signed-off-by: Markus Frosch <markus.frosch@icinga.com>

refs #13709

2016-12-21 09:49:53 +00:00 by mfrosch 166c742a141c3332c8cef8cf6b51646a703eac4c

base/icinga: Open debug log after dropping privileges

refs #13709

2016-12-21 10:01:53 +00:00 by (unknown) a0eb8471673b6b1e9b37e1b7b91151aa00bedb65

Fix possible root privilege escalation during opening logs (CVE-2016-9566)

Backported change from Nagios Core.

Note: This bug affects Icinga 1.x only for opening a debug log, or when
a config error gets logged on startup.

https://legalhackers.com/advisories/Nagios-Exploit-Root-PrivEsc-CVE-2016-9566.html

Thanks to Dawid Golunski for raising awareness.

Thanks to John C. Frickson (Nagios) for fixing.

Signed-off-by: Markus Frosch <markus.frosch@icinga.com>

refs #13709

2016-12-21 10:02:16 +00:00 by mfrosch e0f55bc9b17ef1db9aed7393fc34576a5b9501f0

base/icinga: Open debug log after dropping privileges

refs #13709

2016-12-22 19:03:35 +00:00 by mfriedrich ce5e59cd55e9704ca5ec23de16fa290dc2b0c7a5

Update AUTHORS

refs #13709
refs #13749

2016-12-22 19:44:43 +00:00 by (unknown) 17f7206090b730f522990154e2a4a63918515c9b

Fix possible root privilege escalation during opening logs (CVE-2016-9566)

Backported change from Nagios Core.

Note: This bug affects Icinga 1.x only for opening a debug log, or when
a config error gets logged on startup.

https://legalhackers.com/advisories/Nagios-Exploit-Root-PrivEsc-CVE-2016-9566.html

Thanks to Dawid Golunski for raising awareness.

Thanks to John C. Frickson (Nagios) for fixing.

Signed-off-by: Markus Frosch <markus.frosch@icinga.com>

refs #13709

2016-12-22 19:44:43 +00:00 by mfrosch 1b3507e0d43516dcdb722b7506c1f1f10f41a68a

base/icinga: Open debug log after dropping privileges

refs #13709

2016-12-22 19:47:17 +00:00 by (unknown) f7f7e189888aba080cf345b81ccf3b7de0cac02f

Fix possible root privilege escalation during opening logs (CVE-2016-9566)

Backported change from Nagios Core.

Note: This bug affects Icinga 1.x only for opening a debug log, or when
a config error gets logged on startup.

https://legalhackers.com/advisories/Nagios-Exploit-Root-PrivEsc-CVE-2016-9566.html

Thanks to Dawid Golunski for raising awareness.

Thanks to John C. Frickson (Nagios) for fixing.

Signed-off-by: Markus Frosch <markus.frosch@icinga.com>

refs #13709

2016-12-22 19:47:18 +00:00 by mfrosch 48ee4cca1795500e0f4d7772d9070377a53f289b

base/icinga: Open debug log after dropping privileges

refs #13709

2016-12-22 19:49:29 +00:00 by (unknown) 320f886a0337eb9e5bc017b941a9c040ed7efb30

Fix possible root privilege escalation during opening logs (CVE-2016-9566)

Backported change from Nagios Core.

Note: This bug affects Icinga 1.x only for opening a debug log, or when
a config error gets logged on startup.

https://legalhackers.com/advisories/Nagios-Exploit-Root-PrivEsc-CVE-2016-9566.html

Thanks to Dawid Golunski for raising awareness.

Thanks to John C. Frickson (Nagios) for fixing.

Signed-off-by: Markus Frosch <markus.frosch@icinga.com>

refs #13709

2016-12-22 19:49:30 +00:00 by mfrosch 5f510d57f10b5bd062239860a84989d0f30f0581

base/icinga: Open debug log after dropping privileges

refs #13709
icinga-migration commented 7 years ago

Updated by mfrosch on 2016-12-21 09:48:32 +00:00

icinga-migration commented 7 years ago

Updated by mfrosch on 2016-12-21 10:02:55 +00:00

icinga-migration commented 7 years ago

Updated by mfrosch on 2016-12-21 10:03:08 +00:00

Merged into master

icinga-migration commented 7 years ago

Updated by mfriedrich on 2017-01-05 21:27:49 +00:00

http://seclists.org/oss-sec/2017/q1/17?utm\_source=dlvr.it&utm\_medium=twitter