An issue was discovered in Icinga 2.x through 2.8.1. The daemon creates an icinga2.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for icinga2.pid modification before a root script executes a "kill `cat /pathname/icinga2.pid`" command, as demonstrated by icinga2.init.d.cmake.

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

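
A consumer-side check for the pattern described above, as an added example that is not Icinga's code or its fix: a root-run stop routine that refuses to signal unless the PID file and its directory are owned by the caller, are not group- or world-writable, and the file holds a single number. The function names and the Linux-only `/proc/<pid>/comm` comparison are assumptions of this example.

```shell
#!/bin/sh
# Added example, not Icinga code: validate a PID file before signalling.
# Meant to run as the privileged user that sends the signal (root in an init script).

# Print the PID stored in $1 only if neither the file nor its directory
# could have been modified by anyone other than the caller.
trusted_pid() {
    pidfile=$1
    dir=$(dirname "$pidfile")

    # Reject symlinks and anything that is not a regular file.
    [ ! -L "$pidfile" ] && [ -f "$pidfile" ] || return 1

    # -O: owned by this script's effective UID (root in an init script).
    # The directory counts too, because its owner can replace the file.
    [ -O "$pidfile" ] && [ -O "$dir" ] || return 1

    # Refuse a group- or world-writable file or directory.
    loose=$(find "$dir" "$pidfile" -prune \( -perm -020 -o -perm -002 \) -print)
    [ -z "$loose" ] || return 1

    # Content must be one positive decimal number and nothing else.
    pid=$(cat "$pidfile") || return 1
    case $pid in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    printf '%s\n' "$pid"
}

# Stop the daemon named $2 via PID file $1; send no signal if any check fails.
stop_daemon() {
    pid=$(trusted_pid "$1") || {
        echo "refusing: untrusted PID file $1" >&2; return 1; }
    # Assumption (Linux only): /proc/<pid>/comm holds the process name.
    [ "$(cat "/proc/$pid/comm" 2>/dev/null)" = "$2" ] || {
        echo "refusing: PID $pid is not $2" >&2; return 1; }
    kill "$pid"
}
```

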
Name | Vendor | Start Version | End Version |
---|---|---|---|
Icinga | Icinga | 2.0.0 (including) | 2.8.1 (including) |
Icinga2 | Ubuntu | artful | * |
Icinga2 | Ubuntu | bionic | * |
Icinga2 | Ubuntu | cosmic | * |
Icinga2 | Ubuntu | disco | * |
Icinga2 | Ubuntu | eoan | * |
Icinga2 | Ubuntu | groovy | * |
Icinga2 | Ubuntu | hirsute | * |
Icinga2 | Ubuntu | impish | * |
Icinga2 | Ubuntu | kinetic | * |
Icinga2 | Ubuntu | lunar | * |
Icinga2 | Ubuntu | mantic | * |
Icinga2 | Ubuntu | xenial | * |