An issue was discovered in Icinga 2.x through 2.8.1. By editing the init.conf file, Icinga 2 can be run as root. Following this the program can be used to run arbitrary code as root. This was fixed by no longer using init.conf to determine account information for any root-executed code (a larger issue than CVE-2017-16933).
Advisories
Source ID Title
EUVD EUVD EUVD-2018-18285 An issue was discovered in Icinga 2.x through 2.8.1. By editing the init.conf file, Icinga 2 can be run as root. Following this the program can be used to run arbitrary code as root. This was fixed by no longer using init.conf to determine account information for any root-executed code (a larger issue than CVE-2017-16933).
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-05T06:10:10.143Z

Reserved: 2018-02-02T00:00:00

Link: CVE-2018-6533

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-02-27T19:29:00.450

Modified: 2024-11-21T04:10:51.017

Link: CVE-2018-6533

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.