[Pkg-nagios-devel] Bug#683320: Bug#683320: CVE-2012-3441: insecure permissions in DB creation scripts
Alexander Wirt
formorer at debian.org
Mon Jul 30 19:09:50 UTC 2012
On Mon, 30 Jul 2012, Yves-Alexis Perez wrote:
> Source: icinga
> Severity: grave
> Tags: security
> Justification: user security hole
>
> Hi,
>
> DB creation scripts shipped in icinga-idoutils are insecure (they grant
> privileges for all users). See
> https://bugzilla.novell.com/show_bug.cgi?id=767319 and:
>
> https://git.icinga.org/?p=icinga-doc.git;a=commitdiff;h=619a08ca1178144b8a3a5caafff32a2d3918edab
> https://git.icinga.org/?p=icinga-core.git;a=commitdiff;h=712813d3118a5b9e5a496179cab81dbe91f69d63
>
> As far as I can tell the bug in stable is only in documentation, but in
> Wheezy it affects the scripts too. Please backport the changes and only
> upload a targeted fix.
hmm? we use dbconfig-common. We don't use this script, we also don't install
README.RHEL.idoutils anywhere. So this is docs only.
Alex
More information about the Pkg-nagios-devel
mailing list