Branch: refs/heads/master
Home: https://github.com/Checkmk/checkmk
Commit: 28968b0c34533199c8f03e4b0b1bd495221196d9
https://github.com/Checkmk/checkmk/commit/28968b0c34533199c8f03e4b0b1bd4952…
Author: Sofia Colakovic <sofia.colakovic(a)checkmk.com>
Date: 2024-02-27 (Tue, 27 Feb 2024)
Changed paths:
A .werks/16172.md
M agents/plugins/kaspersky_av
A tests/unit-shell/agents/plugins/test_kaspersky_av.sh
Log Message:
-----------
16172 SEC kaspersky_av: Don't run kav4fs-control or kesl-control if they aren't owned by root
Kaspersky Anti-Virus plugin uses /opt/kaspersky/kav4fs/bin/kav4fs-control and
/opt/kaspersky/kesl/bin/kesl-control commands to monitor a Kaspersky Anti-Virus
installation.
To prevent privilege escalation, the plugin (which is run by root user) must
not run executables which can be changed by less privileged users.
In the default installation, kav4fs-control and kesl-control commands are owned
by root and root is the only user with write permissions, which prevents privilege
escalation attacks.
With this Werk, the plugin checks if control commands are owned by root and root
is the only user with write permissions before running the command. If that's not
the case the commands won't be run. This prevents privilege escalation attacks if
the permissions of the control commands have been changed.
CMK-15318
Change-Id: Ie5de60541dbd76a983c9918ccf48a73ed1ee26f7
To unsubscribe from these emails, change your notification settings at https://github.com/Checkmk/checkmk/settings/notifications
Branch: refs/heads/2.3.0
Home: https://github.com/Checkmk/checkmk
Commit: ff0b0477432250db90395946b6f0219ba7acf284
https://github.com/Checkmk/checkmk/commit/ff0b0477432250db90395946b6f0219ba…
Author: Lars Michelsen <lm(a)checkmk.com>
Date: 2024-02-27 (Tue, 27 Feb 2024)
Changed paths:
A .werks/15725.md
M cmk/update_config/main.py
Log Message:
-----------
15725 FIX Cleanup old Microcore config during update procedure
This change prevents a problem which might occur in case the `omd update` did
not finish successfully. In this situation, the Microcore might be started with
a configuration file from the previous version. This could lead to unexpected
behavior.
Instead of keeping the old configuration, the update procedure now deletes the
file which makes the Microcore fail during startup with a more helpful error
message.
CMK-16020
Change-Id: I5c7a326d9269ada9ae0f4f8b4e48610bdaffabdb
To unsubscribe from these emails, change your notification settings at https://github.com/Checkmk/checkmk/settings/notifications
Branch: refs/heads/master
Home: https://github.com/Checkmk/checkmk
Commit: f876ded4b9793800fc69b728895c68c92e27184b
https://github.com/Checkmk/checkmk/commit/f876ded4b9793800fc69b728895c68c92…
Author: Lars Michelsen <lm(a)checkmk.com>
Date: 2024-02-27 (Tue, 27 Feb 2024)
Changed paths:
A .werks/15725.md
M cmk/update_config/main.py
Log Message:
-----------
15725 FIX Cleanup old Microcore config during update procedure
This change prevents a problem which might occur in case the `omd update` did
not finish successfully. In this situation, the Microcore might be started with
a configuration file from the previous version. This could lead to unexpected
behavior.
Instead of keeping the old configuration, the update procedure now deletes the
file which makes the Microcore fail during startup with a more helpful error
message.
CMK-16020
Change-Id: I5c7a326d9269ada9ae0f4f8b4e48610bdaffabdb
To unsubscribe from these emails, change your notification settings at https://github.com/Checkmk/checkmk/settings/notifications
Branch: refs/heads/master
Home: https://github.com/Checkmk/checkmk
Commit: d95cd664fa041bf12368753927aba6da4312af65
https://github.com/Checkmk/checkmk/commit/d95cd664fa041bf12368753927aba6da4…
Author: Andreas Umbreit <andreas.umbreit(a)checkmk.com>
Date: 2024-02-27 (Tue, 27 Feb 2024)
Changed paths:
M packages/check-http/src/checking_types.rs
M packages/check-http/src/checks.rs
Log Message:
-----------
check_http: Allow custom format for values in CheckResult helper functions
Needed to display some values more prettily, e.g., influence the number
of shown digits of a float value.
CMK-16160
Change-Id: Ieba7b6be023ab8615a5fae6253385d5402c221b4
To unsubscribe from these emails, change your notification settings at https://github.com/Checkmk/checkmk/settings/notifications
Branch: refs/heads/master
Home: https://github.com/Checkmk/checkmk
Commit: 4759ef01d3a5223f6b79067bff8f9f2bb2dc8970
https://github.com/Checkmk/checkmk/commit/4759ef01d3a5223f6b79067bff8f9f2bb…
Author: Maximilian Wirtz <maximilian.wirtz(a)checkmk.com>
Date: 2024-02-27 (Tue, 27 Feb 2024)
Changed paths:
A .werks/16361.md
Log Message:
-----------
16361 SEC Privilege escalation in Windows agent
In order to execute some system commands Checkmk Windows agent writes cmd files to `C:\Windows\Temp\` and afterwards executes them.
The permissions of the files were set restrictive but existing files were not properly handled.
If a cmd file already existed and was write protected the agent was not able to rewrite the file but did not handle this case and executed the file nevertheless.
We thank Michael Baer (SEC Consult Vulnerability Lab) for reporting this issue.
**Affected Versions**:
* 2.2.0
* 2.1.0
* 2.0.0
**Indicators of Compromise**:
The filename of the cmd file needed to be guessed therefore the proof-of-concept creates a lot of files in `C\Windows\Temp` with the filename `cmk_all_\d+_1.cmd`.
These file-creation events could be monitored.
**Vulnerability Management**:
We have rated the issue with a CVSS Score of 8.8 (High) with the following CVSS vector:
`CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H`.
We assigned CVE-2024-0670 to this vulnerability.
**Changes**:
This Werk changes the temp folder and adds a subfolder with more restrictive permissions in which the files are created.
Also errors are handled better.
Change-Id: I9b6b6dbe68d638c9e0dcf127646783d15f1df589
To unsubscribe from these emails, change your notification settings at https://github.com/Checkmk/checkmk/settings/notifications
Branch: refs/heads/2.3.0
Home: https://github.com/Checkmk/checkmk
Commit: a91bc0411ec1ae2e45dab2f4cba525794805b031
https://github.com/Checkmk/checkmk/commit/a91bc0411ec1ae2e45dab2f4cba525794…
Author: Maximilian Wirtz <maximilian.wirtz(a)checkmk.com>
Date: 2024-02-27 (Tue, 27 Feb 2024)
Changed paths:
A .werks/16361.md
Log Message:
-----------
16361 SEC Privilege escalation in Windows agent
In order to execute some system commands Checkmk Windows agent writes cmd files to `C:\Windows\Temp\` and afterwards executes them.
The permissions of the files were set restrictive but existing files were not properly handled.
If a cmd file already existed and was write protected the agent was not able to rewrite the file but did not handle this case and executed the file nevertheless.
We thank Michael Baer (SEC Consult Vulnerability Lab) for reporting this issue.
**Affected Versions**:
* 2.2.0
* 2.1.0
* 2.0.0
**Indicators of Compromise**:
The filename of the cmd file needed to be guessed therefore the proof-of-concept creates a lot of files in `C\Windows\Temp` with the filename `cmk_all_\d+_1.cmd`.
These file-creation events could be monitored.
**Vulnerability Management**:
We have rated the issue with a CVSS Score of 8.8 (High) with the following CVSS vector:
`CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H`.
We assigned CVE-2024-0670 to this vulnerability.
**Changes**:
This Werk changes the temp folder and adds a subfolder with more restrictive permissions in which the files are created.
Also errors are handled better.
Change-Id: I9b6b6dbe68d638c9e0dcf127646783d15f1df589
To unsubscribe from these emails, change your notification settings at https://github.com/Checkmk/checkmk/settings/notifications
Branch: refs/heads/2.1.0
Home: https://github.com/Checkmk/checkmk
Commit: 6c772598aac4018077fadeb0c38b94381cafb27f
https://github.com/Checkmk/checkmk/commit/6c772598aac4018077fadeb0c38b94381…
Author: Maximilian Wirtz <maximilian.wirtz(a)checkmk.com>
Date: 2024-02-27 (Tue, 27 Feb 2024)
Changed paths:
A .werks/16361
Log Message:
-----------
16361 SEC Privilege escalation in Windows agent
In order to execute some system commands Checkmk Windows agent writes cmd files to `C:\Windows\Temp\` and afterwards executes them.
The permissions of the files were set restrictive but existing files were not properly handled.
If a cmd file already existed and was write protected the agent was not able to rewrite the file but did not handle this case and executed the file nevertheless.
We thank Michael Baer (SEC Consult Vulnerability Lab) for reporting this issue.
**Affected Versions**:
* 2.2.0
* 2.1.0
* 2.0.0
**Indicators of Compromise**:
The filename of the cmd file needed to be guessed therefore the proof-of-concept creates a lot of files in `C\Windows\Temp` with the filename `cmk_all_\d+_1.cmd`.
These file-creation events could be monitored.
**Vulnerability Management**:
We have rated the issue with a CVSS Score of 8.8 (High) with the following CVSS vector:
`CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H`.
We assigned CVE-2024-0670 to this vulnerability.
**Changes**:
This Werk changes the temp folder and adds a subfolder with more restrictive permissions in which the files are created.
Also errors are handled better.
Change-Id: I9b6b6dbe68d638c9e0dcf127646783d15f1df589
To unsubscribe from these emails, change your notification settings at https://github.com/Checkmk/checkmk/settings/notifications
Branch: refs/heads/2.2.0
Home: https://github.com/Checkmk/checkmk
Commit: 22de8967ee57635f022996260036f7059c359d77
https://github.com/Checkmk/checkmk/commit/22de8967ee57635f022996260036f7059…
Author: Maximilian Wirtz <maximilian.wirtz(a)checkmk.com>
Date: 2024-02-27 (Tue, 27 Feb 2024)
Changed paths:
A .werks/16361
Log Message:
-----------
16361 SEC Privilege escalation in Windows agent
In order to execute some system commands Checkmk Windows agent writes cmd files to `C:\Windows\Temp\` and afterwards executes them.
The permissions of the files were set restrictive but existing files were not properly handled.
If a cmd file already existed and was write protected the agent was not able to rewrite the file but did not handle this case and executed the file nevertheless.
We thank Michael Baer (SEC Consult Vulnerability Lab) for reporting this issue.
**Affected Versions**:
* 2.2.0
* 2.1.0
* 2.0.0
**Indicators of Compromise**:
The filename of the cmd file needed to be guessed therefore the proof-of-concept creates a lot of files in `C\Windows\Temp` with the filename `cmk_all_\d+_1.cmd`.
These file-creation events could be monitored.
**Vulnerability Management**:
We have rated the issue with a CVSS Score of 8.8 (High) with the following CVSS vector:
`CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H`.
We assigned CVE-2024-0670 to this vulnerability.
**Changes**:
This Werk changes the temp folder and adds a subfolder with more restrictive permissions in which the files are created.
Also errors are handled better.
Change-Id: I9b6b6dbe68d638c9e0dcf127646783d15f1df589
To unsubscribe from these emails, change your notification settings at https://github.com/Checkmk/checkmk/settings/notifications
Branch: refs/heads/2.3.0
Home: https://github.com/Checkmk/checkmk
Commit: 5973d674a775d5b4fb89907452f3920afe5bc8d4
https://github.com/Checkmk/checkmk/commit/5973d674a775d5b4fb89907452f3920af…
Author: Andreas Umbreit <andreas.umbreit(a)checkmk.com>
Date: 2024-02-27 (Tue, 27 Feb 2024)
Changed paths:
M packages/check-http/src/checks.rs
M packages/check-http/src/output.rs
M packages/check-http/src/runner.rs
M packages/check-http/tests/test_http.rs
Log Message:
-----------
check_http: Reformat output
- Separate Method and version output
- Output of initial and final (if redirected) URLs
- Remove redundant leading "HTTP <State>" Output
CMK-16160
Change-Id: I9fa995bfd79fe1b58374553fa9719e77139a6cc2
To unsubscribe from these emails, change your notification settings at https://github.com/Checkmk/checkmk/settings/notifications