Icinga Core through 1.14.0 initially executes bin/icinga as root but supports configuration options in which this file is owned by a non-root account (and similarly can have etc/icinga.cfg owned by a non-root account), which allows local users to gain privileges by leveraging access to this non-root account, a related issue to CVE-2017-14312. This also affects bin/icingastats, bin/ido2db, and bin/log2ido.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-11-18T18:00:00

Updated: 2024-08-05T20:35:21.361Z

Reserved: 2017-11-18T00:00:00

Link: CVE-2017-16882

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2017-11-18T18:29:00.233

Modified: 2020-07-27T02:15:13.250

Link: CVE-2017-16882

cve-icon Redhat

No data.