Title: Privilege escalation in Agent
Class: security
Compatible: compat
Component: checks
Date: 1701938773
Edition: cre
Level: 2
Version: 2.2.0p17
In order to monitor livestatus from running sites on a host the Checkmk agent uses unixcat
that is part of Checkmk.
Since the binary is linked to libraries that are also part of Checkmk and may differ from
the libraries of the operating system calling unixcat outside of the scope of a site could
result to errors due to version mismatches in these libraries.
To use the correct libraries in Checkmk 2.2.0p10 a fix was introduced to add the libraries
from the site to the call in the agent.
Since the lib folder within a site is writable by the site a rogue site could inject
malicious libraries into the unixcat call from the agent that is executed as root leading
to a privilege escalation.
We thank Jan-Philipp Litza for reporting this issue.
<b>Affected Versions</b>:
* since 2.2.0p10
<b>Vulnerability Management</b>:
We have rated the issue with a CVSS Score of 8.8 (High) with the following CVSS vector:
<tt>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H</tt>.
We assigned CVE-2023-31210 to this vulnerability.
<b>Changes</b>:
This Werk changes the library path from the site to the version files, which are only
root-writable.
Show replies by date