[Pkg-nagios-devel] Bug#683320: Bug#683320: CVE-2012-3441: insecure permissions in DB creation scripts

Moritz Muehlenhoff jmm at inutil.org
Thu Aug 30 15:51:31 UTC 2012


severity 683320 normal
thanks

On Mon, Jul 30, 2012 at 09:09:50PM +0200, Alexander Wirt wrote:
> On Mon, 30 Jul 2012, Yves-Alexis Perez wrote:
> 
> > Source: icinga
> > Severity: grave
> > Tags: security
> > Justification: user security hole
> > 
> > Hi,
> > 
> > DB creation scripts shipped in icinga-idoutils are insecure (they grant
> > privileges for all users). See
> > https://bugzilla.novell.com/show_bug.cgi?id=767319 and:
> > 
> > https://git.icinga.org/?p=icinga-doc.git;a=commitdiff;h=619a08ca1178144b8a3a5caafff32a2d3918edab
> > https://git.icinga.org/?p=icinga-core.git;a=commitdiff;h=712813d3118a5b9e5a496179cab81dbe91f69d63
> > 
> > As far as I can tell the bug in stable is only in documentation, but in
> > Wheezy it affects the scripts too. Please backport the changes and only
> > upload a targeted fix.
> hmm? we use dbconfig-common. We don't use this script, we also don't install
> README.RHEL.idoutils anywhere. So this is docs only.

Not an RC bug.

Cheers,
        Moritz


