[//]: # (werk v2)
# mk_informix: Do not allow privilege escalation
key | value
---------- | ---
date | 2024-03-08T14:57:50+00:00
version | 2.4.0b1
class | security
edition | cre
component | checks
level | 1
compatible | yes
The informix database monitoring plugin would previously `eval` statements parsed from
`$INFORMIXDIR/bin/onstat`. Since the plugin is usually run as root, this could cause
statements injected in `$INFORMIXDIR/bin/onstat` to be run as root as well.
By adding scripts named the same as other functionality found in `$PATH` to
`$INFORMIXDIR/bin`, `$PATH` functionality could also be overshadowed and the custom
executed as root.
Finally, `$INFORMIXDIR/bin/onstat` would be executed as root, allowing a substituted
script to be run with elevated privileges.
With this werk, the environment variables will be exported instead and `$PATH` will now be
searched before `$INFORMIXDIR/bin`.
The plugin will now also check if `$INFORMIXDIR/bin/onstat` belongs to root if the plugin
is executed as root. If not, it will be executed as the user owning the executable.
This issue was found during internal review.
*Affected Versions*:
* 2.3.0 (beta)
* 2.2.0
* 2.1.0
* 2.0.0 (EOL)
*Vulnerability Management*:
We have rated the issue with a CVSS Score of 8.8 (High) with the following CVSS vector:
`CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H` and assigned CVE `CVE-2024-28824`.
Show replies by date