[Pkg-nagios-devel] Bug#883247: CVE-2017-16933: icinga2: root privilege escalation via prepare-dirs
henri at nerv.fi
Fri Dec 1 09:49:59 UTC 2017
X-Debbugs-CC: team at security.debian.org secure-testing-team at lists.alioth.debian.org
the following vulnerability was published for icinga2.
| etc/initsystem/prepare-dirs in Icinga 2.x through 2.8.0 has a chown
| call for a filename in a user-writable directory, which allows local
| users to gain privileges by leveraging access to the $ICINGA2_USER
| account for creation of a link.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
Please adjust the affected versions in the BTS as needed.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: not available
More information about the Pkg-nagios-devel