ID: 6505
Title: Avoid CMC crash during event helper restarts.
Component: Core & setup
Level: 1
Class: Bug fix
Version: 1.6.0i1
When an event helper (for notifications/alerts) should be restarted, the
Check_MK Micro Core could go into an infinite recursion, ultimately leading
to a crash of the CMC itself. This has been fixed.
CMK-1117
ID: 6787
Title: Notification spooler: Fixed file path traversal vulnerability
Component: Notifications
Level: 2
Class: Security fix
Version: 1.6.0i1
The notification daemon of one site connects to the notification daemon of another site
to exchange notifications between both sites.
The notification daemon was not validating the incoming data correctly which made it possible
for an attacker that has access to the notification sending site to compromise the …
[View More]receiving
site.
Using this vulnerability it was possible to write write files in directories that are writable
by the receiving site user. This could be used to gain access to the site.
[View Less]
ID: 6786
Title: Livestatus proxy: Fixed file path traversal vulnerability
Component: Livestatus Proxy
Level: 2
Class: Security fix
Version: 1.6.0i1
The livestatus proxy connects to the livestatus server of remote sites. One task is to
fetch the inventory data of the remote site and replicate it to the master site to make
client accesses faster.
The livestatus proxy was not validating the incoming data correctly which made it possible
for an attacker that has …
[View More]access to the remote sites to compromise the site the livestatus
proxy daemon is running in.
Using this vulnerability it was possible to write write files in directories that are writable
by the liveproxy site user. This could be used to gain access to the liveproxy site.
[View Less]
ID: 6788
Title: Notification spooler: Fixed deserialization of arbitrary input
Component: Notifications
Level: 2
Class: Security fix
Version: 1.6.0i1
The notification daemon of one site connects to the notification daemon of
another site to exchange notifications between both sites.
The messages that are sent between the notification daemons were encoded in an
insecure format which allowed code injections between the communication
partners. This means it was …
[View More]possible to inject code from one notification
spooler to another.
We have now changed the message format to a secure alternative which prevents
code injections.
To be able to perform this transition without loosing notifications and
preventing subtile incompatibilities we decided to keep the new format disabled
by default for all sites created with Check_MK 1.4 and 1.5. This means your
installation will still be affected by this issue by default after updating.
However, once you have updated all your sites to at least 1.4.0p37 in case of
the 1.4.0 branch or or at least 1.5.0p7 in case of the 1.5.0 branch you can
change the main configuration option "Notification Spooler insecure messages"
to "off" and activate the new configuration. Once you have done this all
notification spoolers will use the new secure message format.
Please note that the 1.6 notification spoolers will always use the new message
format and not be compatible to the old message format of the 1.5 notification
spoolers anymore. If you plan to use 1.5 and 1.6 together during migration you
will have to ensure that you use the new message format in your 1.5 sites.
[View Less]
ID: 5847
Title: lnx_thermal: Fixed to only gather values of temp & type
Component: Checks & agents
Level: 1
Class: Bug fix
Version: 1.5.0p6
The Linux agent collected too many values when hysteresis data was available and the check crashed.
This has been fixed now by fixing the required values.