漏洞标题
N/A
漏洞描述信息
一个权限问题影响了部署了Checkmk Debian软件包的用户。仅由代理工厂创建的软件包(仅商业版)没有受到影响。使用部署版的代理,位于/var/lib/dpkg/info/的维护脚本将归用户和ID为1001的组所有。如果系统中存在这样的用户,他们可以更改这些文件的内容(然后由root执行)。这导致在监控主机上进行本地权限升级。受影响的版本包括1.6through1.6.9p29、2.0through2.0.0p26、2.1through2.1.0p3和2.2.0i1。
CVSS信息
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
A permission issue affects users that deployed the shipped version of the Checkmk Debian package. Packages created by the agent bakery (enterprise editions only) were not affected. Using the shipped version of the agents, the maintainer scripts located at /var/lib/dpkg/info/ will be owned by the user and the group with ID 1001. If such a user exists on the system, they can change the content of these files (which are then executed by root). This leads to a local privilege escalation on the monitored host. Version 1.6 through 1.6.9p29, version 2.0 through 2.0.0p26, version 2.1 through 2.1.0p3, and version 2.2.0i1 are affected.
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
CheckMK Raw Edition 安全漏洞
漏洞描述信息
tribe29 CheckMK Raw Edition是德国tribe29公司的一个全面灵活的 IT 监控系统。 CheckMK Raw Edition 存在安全漏洞,该漏洞源于/var/lib/dpkg/info/路径的权限存在问题。攻击者利用该漏洞可以更改文件或提升权限。
CVSS信息
N/A
漏洞类别
其他