[Pkg-nagios-devel] Bug#883247: CVE-2017-16933: icinga2: root privilege escalation via prepare-dirs

Henri Salo henri at nerv.fi
Fri Dec 1 09:49:59 UTC 2017

Package: icinga2
Version: None
X-Debbugs-CC: team at security.debian.org secure-testing-team at lists.alioth.debian.org
Severity: grave
Tags: security


the following vulnerability was published for icinga2.

| etc/initsystem/prepare-dirs in Icinga 2.x through 2.8.0 has a chown
| call for a filename in a user-writable directory, which allows local
| users to gain privileges by leveraging access to the $ICINGA2_USER
| account for creation of a link.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:


Please adjust the affected versions in the BTS as needed.

Henri Salo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-nagios-devel/attachments/20171201/9fb9f66e/attachment.sig>

More information about the Pkg-nagios-devel mailing list