CVE-2018-6533
 
Descriptions
An issue was discovered in Icinga 2.x through 2.8.1. By editing the init.conf file, Icinga 2 can be run as root. Following this the program can be used to run arbitrary code as root. This was fixed by no longer using init.conf to determine account information for any root-executed code (a larger issue than CVE-2017-16933).
Timeline
- 2018-02-02 CVE Reserved
- 2018-02-27 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-05 CVE Updated
References (1)
URL | Tag | Source |
---|---|---|
https://github.com/Icinga/icinga2/pull/5850 | Third Party Advisory |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Icinga | Icinga | >= 2.0.0 <= 2.8.1 | - | Affected |