From checkmk-werks-lvl1@lists.checkmk.com Sat Apr 20 12:51:24 2024
From: Checkmk werks level 1
To: checkmk-werks-lvl1@lists.checkmk.com
Subject: [2.2.0] Checkmk Werk 16615 adapted: Remove websphere_mq plugin
Date: Sat, 20 Apr 2024 12:50:59 +0000
Message-ID: <1713617459.306361.733.nullmailer@localhost>

Werk 16615 was adapted. The following is the new Werk, a diff is shown at the end of the message.

Title: Remove websphere_mq plugin
Class: security
Compatible: compat
Component: checks
Date: 1710155388
Edition: cre
Level: 1
Version: 2.2.0p26

With this Werk the websphere_mq plugin is removed for security reasons.

In this plugin the output of ps is used to determine an argument for runmqsc. This meant that anybody who can launch processes with an arbitrary command line could manipulate one argument to runmqsc.

The plugin was already superseded by the agent plugin ibm_mq and deprecated with Werk 10752 and version 2.0.0.

Since this plugin is already deprecated and it was not configurable via the agent bakery we assumed that this plugin is not frequently used. Therefore we decided to not fix the issue but to push the removal.

We found this vulnerability internally.

Affected versions:

LI: 2.3.0
LI: 2.2.0
LI: 2.1.0
LI: 2.0.0

Mitigations:

Migrate to the ibm_mq plugin.

Vulnerability Management:

We have rated the issue with a CVSS Score of 6.5 (Medium) with the following CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N.
We assigned CVE-2024-3367 to this vulnerability.

Changes:

The plugin was removed.

-------------------------------------------------------------------------------

  Title: Remove websphere_mq plugin
  Class: security
  Compatible: compat
  Component: checks
  Date: 1710155388
  Edition: cre
  Level: 1
- Version: 2.2.0p25
?                  ^
+ Version: 2.2.0p26
?                  ^

  With this Werk the websphere_mq plugin is removed for security reasons.

  In this plugin the output of ps is used to determine an argument for runmqsc. This meant that anybody who can launch processes with an arbitrary command line could manipulate one argument to runmqsc.

  The plugin was already superseded by the agent plugin ibm_mq and deprecated with Werk 10752 and version 2.0.0.

  Since this plugin is already deprecated and it was not configurable via the agent bakery we assumed that this plugin is not frequently used. Therefore we decided to not fix the issue but to push the removal.

  We found this vulnerability internally.

  Affected versions:

  LI: 2.3.0
  LI: 2.2.0
  LI: 2.1.0
  LI: 2.0.0

  Mitigations:

  Migrate to the ibm_mq plugin.

  Vulnerability Management:

  We have rated the issue with a CVSS Score of 6.5 (Medium) with the following CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N.
  We assigned CVE-2024-3367 to this vulnerability.

  Changes:

  The plugin was removed.
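The weakness the Werk describes is a trust-boundary mistake: the COMMAND column of ps is written by whoever started the process, so deriving an argument for a privileged tool from it lets any local user choose that argument. The following is an added illustration, not code from the Checkmk project or from the removed websphere_mq plugin. It assumes (the Werk does not say this) that the plugin looked for an MQ queue-manager process and took the token after `-m` as the queue manager name; the `amqzxma0` process name, the `/opt/mqm/bin` path, the `dspmq` listing, its `QMNAME(...)` output format, the MQ naming rule, and both sample outputs are assumptions or constructed for the example. It contrasts the naive extractor with a hardened one that only accepts names from processes the kernel reports as running under `mqm`, that pass a syntactic check, and that MQ's own registry lists, and that passes the result to runmqsc as an argument vector rather than a shell string.

```python
import re

# Constructed sample of `ps -eo pid,user,args` output (not captured from a real
# host). The last two rows were started by unprivileged users and merely look
# like an MQ queue-manager process; their COMMAND text is entirely user-chosen.
SAMPLE_PS = """\
  PID USER     COMMAND
 1201 mqm      /opt/mqm/bin/amqzxma0 -m QM1 -u mqm
 1202 mqm      /opt/mqm/bin/amqzxma0 -m PROD.QM -u mqm
 4711 alice    amqzxma0 -m QM1;evil -u nobody
 4712 bob      /usr/bin/python3 amqzxma0 -m ../../tmp/x
"""

# Constructed sample of `dspmq` output (assumed format: QMNAME(...) STATUS(...)).
# dspmq reads MQ's own configuration, so starting a process cannot add entries.
SAMPLE_DSPMQ = """\
QMNAME(QM1)                                               STATUS(Running)
QMNAME(PROD.QM)                                           STATUS(Running)
QMNAME(TEST.QM)                                           STATUS(Ended normally)
"""

# Assumed MQ naming rule: 1-48 characters from letters, digits, '.', '/', '_', '%'.
QMGR_NAME = re.compile(r"^[A-Za-z0-9._/%]{1,48}$")


def _ps_rows(ps_output):
    """Yield (user, argv_tokens) for each data row of the ps sample."""
    for line in ps_output.splitlines()[1:]:  # skip the header row
        parts = line.split(None, 2)
        if len(parts) == 3:
            yield parts[1], parts[2].split()


def _m_argument(tokens):
    """Return the token following '-m', the way the vulnerable pattern did."""
    for i, tok in enumerate(tokens[:-1]):
        if tok == "-m":
            return tokens[i + 1]
    return None


def naive_qmgrs_from_ps(ps_output):
    """Vulnerable pattern: trust any command line that mentions amqzxma0.

    The COMMAND column is chosen by whoever started the process, so the
    returned names include values controlled by unprivileged users."""
    names = []
    for _user, tokens in _ps_rows(ps_output):
        if any("amqzxma0" in tok for tok in tokens):
            name = _m_argument(tokens)
            if name is not None:
                names.append(name)
    return list(dict.fromkeys(names))  # de-duplicate, keep order


def is_valid_qmgr_name(name):
    """Syntactic check only: a valid-looking name is still untrusted input."""
    return bool(QMGR_NAME.fullmatch(name))


def trusted_qmgrs(dspmq_output):
    """Names MQ itself knows about, parsed from dspmq rather than from ps."""
    return re.findall(r"QMNAME\(([^)]*)\)", dspmq_output)


def hardened_qmgrs(ps_output, dspmq_output):
    """Accept a name only when (1) the process runs as mqm from the MQ install
    path (the USER column comes from the kernel, not from the command line),
    (2) the name is syntactically a queue-manager name, and (3) MQ's own
    registry lists it."""
    known = set(trusted_qmgrs(dspmq_output))
    names = []
    for user, tokens in _ps_rows(ps_output):
        if user != "mqm" or not tokens or not tokens[0].startswith("/opt/mqm/bin/"):
            continue
        name = _m_argument(tokens)
        if name is not None and is_valid_qmgr_name(name) and name in known:
            names.append(name)
    return list(dict.fromkeys(names))


def runmqsc_argv(qmgr):
    """Build the argument vector as a list; never interpolate into a shell string."""
    return ["runmqsc", qmgr]


if __name__ == "__main__":
    print("naive:   ", naive_qmgrs_from_ps(SAMPLE_PS))
    print("hardened:", hardened_qmgrs(SAMPLE_PS, SAMPLE_DSPMQ))
```

Note that `../../tmp/x` passes the syntactic check (MQ names may contain `/`), which is why the hardened version does not stop at validation but cross-checks against a source the attacker cannot write to. The same reasoning is what makes replacing the plugin with ibm_mq, rather than patching the ps parsing, the sound fix.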