Checkmk werks level1 June 2014

checkmk-werks-lvl1@lists.checkmk.com

6 participants
67 discussions

Check_MK Werk 0991: Availability: optionally show time stamps as UNIX epoch time

by Mathias Kettner

ID: 0991 Title: Availability: optionally show time stamps as UNIX epoch time Component: Reporting & Availability Level: 1 Class: Bug Fix Version: 1.2.5i5 This makes it easier to compare availability timeline with actual log files.

10 years, 2 months

Check_MK Werk 0990: Fix HTTP error handling in bulk inventory

by Mathias Kettner

ID: 0990 Title: Fix HTTP error handling in bulk inventory Component: WATO Level: 1 Class: Bug Fix Version: 1.2.5i5 If during a bulk inventory some HTTP error occurs (e.g. due to an Apache restart) then now the failed hosts are exactly being displayed and the number of failed hosts is correct.

10 years, 2 months

Check_MK Werk 0989: logwatch.ec: Fix forwarding multiple messages via syslog/TCP

by Mathias Kettner

ID: 0989 Title: logwatch.ec: Fix forwarding multiple messages via syslog/TCP Component: Checks & Agents Level: 1 Class: Bug Fix Version: 1.2.5i5 If you setup forwarding to the Event Console in the {logwatch.ec} check to be done via TCP and more than one new message per check interval arrived, then several messages could have be joined together into one single message. The reason was a missing newline character. This has been fixed. Forwarding via UDP was not affected by this bug.

10 years, 2 months

Check_MK Werk 0988: livedump: Fix exception in case no contact groups are defined for a service

by Mathias Kettner

ID: 0988 Title: livedump: Fix exception in case no contact groups are defined for a service Component: Livestatus Level: 1 Class: Bug Fix Version: 1.2.5i5

10 years, 2 months

Check_MK Werk 0994: agent plugin smart: fixed syntax error

by Bernd Stroessenreuther

ID: 0994 Title: agent plugin smart: fixed syntax error Component: Checks & Agents Level: 1 Class: Bug Fix Version: 1.2.5i5

10 years, 2 months

Check_MK Werk 0942: check_mk-winperf.cpuusage.php: now displays AVERAGE values instead of MAX

by Andreas Boesl

ID: 0942 Title: check_mk-winperf.cpuusage.php: now displays AVERAGE values instead of MAX Component: Multisite Level: 1 Class: Bug Fix Version: 1.2.5i4 This change makes pnpgraphs with greater timeframes consistent

10 years, 2 months

Check_MK Werk 0941: esx_vsphere_hostsystem.cpu_usage: pnpgraph now displays AVERAGE instead of MAX values in all timeframes

by Andreas Boesl

ID: 0941 Title: esx_vsphere_hostsystem.cpu_usage: pnpgraph now displays AVERAGE instead of MAX values in all timeframes Component: Multisite Level: 1 Class: Bug Fix Version: 1.2.5i4 Affected pnptemplates are: check_mk-enterasys_cpu_util, check_mk-esx_vsphere_hostsystem.cpu_usage, check_mk-innovaphone_cpu

10 years, 2 months

Check_MK Werk 0984: Fix code injection for logged in users via automation url

by Lars Michelsen

ID: 0984 Title: Fix code injection for logged in users via automation url Component: WATO Level: 2 Class: Incompatible Change Version: 1.2.5i4 This fixes CVSS 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C. The description: The check_mk applications uses insecure API calls, which allow an attacker to execute arbitrary code on the server by issuing just a single URL. The reason for this is the usage of the insecure "pickle" API call. Apparently this was modified as a security means from a former version, which used "eval"-like structures with untrusted input data. Anyhow, as the python API documentation clearly state, "pickle" should be considered unsafe as well, see: <tt>https://docs.python.org/2/library/pickle.html</tt>. The fix replaces <tt>pickle<tt> with a module called <tt>ast</tt>. Unfortunately this module is not available on Centos/RedHat 5.X and Debian 5. On these systems WATO still uses <tt>pickle</tt>, even with this fix. Note: This change makes the current Check_MK versions incompatible to older versions. In a mixed environment with old and new Check_MK versions or with old and newer Python versions you have to force WATO to use the old unsafe method by setting <tt>wato_legacy_eval = True<tt> in <tt>multisite.mk</tt>. This can also be done with the new global WATO setting Use unsafe legacy encoding for distributed WATO.

10 years, 2 months

Check_MK Werk 0983: Fix security issue in code of row selections (checkboxes) (CVSS 4.9 AV:N/AC:M/Au:S/C:N/I:P/A:P)

by Mathias Kettner

ID: 0983 Title: Fix security issue in code of row selections (checkboxes) (CVSS 4.9 AV:N/AC:M/Au:S/C:N/I:P/A:P) Component: Multisite Level: 2 Class: Security Fix Version: 1.2.5i4 The fixed weakness was: The check_mk application does allow an attacker to write check_mk config files (.mk files) on arbitrary locations on the server filesystem.

10 years, 2 months

Check_MK Werk 0982: Fix two XSS weaknesses according to CVSS 8.5 AV:N/AC:M/Au:S/C:C/I:C/A:C

by Mathias Kettner

ID: 0982 Title: Fix two XSS weaknesses according to CVSS 8.5 AV:N/AC:M/Au:S/C:C/I:C/A:C Component: Multisite Level: 2 Class: Security Fix Version: 1.2.5i4 This fixes the following issue: The check_mk application is susceptible to reflected XSS attacks. This is mainly the result of inproper output encoding. Reflected XSS can be triggered by sending a malicious URL to a user of the check_mk application. Once the XSS attack is triggered, the attacker has access to the full check_mk (and nagios) application with the access rights of the logged in victim. The fix applies to the function: htmllib.py: render_status_icons() actions.py: ajax_action()

10 years, 2 months

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

Checkmk werks level1 June 2014