CVE-2017-16933: icinga2: root privilege escalation via prepare-dirs

Related Vulnerabilities: CVE-2017-16933, CVE-2018-6532, CVE-2018-6533, CVE-2018-6534, CVE-2018-6535, CVE-2018-6536

Debian Bug report logs - #883247

Reported by: Henri Salo <henri@nerv.fi>

Date: Fri, 1 Dec 2017 09:54:01 UTC

Severity: grave

Tags: fixed-upstream, security

Found in version icinga2/2.1.1-1

Fixed in version icinga2/2.8.4-1~exp1

Done: Bas Couwenberg <sebastic@debian.org>

Forwarded to https://github.com/Icinga/icinga2/issues/5793



Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Nagios Maintainer Group <pkg-nagios-devel@lists.alioth.debian.org>:
Bug#883247; Package icinga2. (Fri, 01 Dec 2017 09:54:04 GMT).


Acknowledgement sent to Henri Salo <henri@nerv.fi>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Nagios Maintainer Group <pkg-nagios-devel@lists.alioth.debian.org>. (Fri, 01 Dec 2017 09:54:04 GMT).


Message #5 received at submit@bugs.debian.org:

From: Henri Salo <henri@nerv.fi>
To: submit@bugs.debian.org
Subject: CVE-2017-16933: icinga2: root privilege escalation via prepare-dirs
Date: Fri, 1 Dec 2017 11:49:59 +0200
Package: icinga2
Version: None
X-Debbugs-CC: team@security.debian.org secure-testing-team@lists.alioth.debian.org
Severity: grave
Tags: security

Hi,

the following vulnerability was published for icinga2.

CVE-2017-16933:
| etc/initsystem/prepare-dirs in Icinga 2.x through 2.8.0 has a chown
| call for a filename in a user-writable directory, which allows local
| users to gain privileges by leveraging access to the $ICINGA2_USER
| account for creation of a link.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

https://security-tracker.debian.org/tracker/CVE-2017-16933
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16933
https://github.com/Icinga/icinga2/issues/5793

Please adjust the affected versions in the BTS as needed.

-- 
Henri Salo
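
The pattern named in the CVE description above (a root-run script calling chown on a name inside a directory the service account can write to) can be checked for before the call. This is an added example, not code from Icinga or from this bug report; the function names and the directory handed to audit_dir are hypothetical.

```shell
#!/bin/sh
# Added example (not Icinga's prepare-dirs): pre-flight checks a root-run
# init script can apply before chown'ing a path that lives in a directory
# writable by an unprivileged service account.

# chown_risk PATH -> prints one of: symlink, missing, hardlink, ok
chown_risk() {
    p=$1
    # Test for a link first: -e would follow it to the target.
    if [ -L "$p" ]; then echo symlink; return 0; fi
    if [ ! -e "$p" ]; then echo missing; return 0; fi
    # A regular file with more than one name may also be a root-owned
    # file linked into the writable directory.
    if [ -n "$(find "$p" -prune -type f -links +1)" ]; then
        echo hardlink; return 0
    fi
    echo ok
}

# audit_dir DIR -> lists every symlink or multiply linked file below DIR,
# i.e. the names a later recursive or per-file chown must not touch.
audit_dir() {
    find "$1" \( -type l -o \( -type f -links +1 \) \) -print
}

# guarded_chown OWNER PATH -> refuses risky paths; -h keeps chown from
# following a link swapped in after the check. The check-then-chown race
# remains, so the sturdier fix is not to chown such paths as root at all.
guarded_chown() {
    owner=$1
    path=$2
    risk=$(chown_risk "$path")
    if [ "$risk" != ok ]; then
        echo "refusing chown of $path: $risk" >&2
        return 1
    fi
    chown -h -- "$owner" "$path"
}

# Run as: sh thisfile.sh /path/to/service/writable/dir
if [ "$#" -gt 0 ]; then
    audit_dir "$1"
fi
```
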

Set Bug forwarded-to-address to 'https://github.com/Icinga/icinga2/issues/5793'. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 01 Dec 2017 10:09:03 GMT).


No longer marked as found in versions None. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 01 Dec 2017 10:09:04 GMT).


Marked as found in versions icinga2/2.1.1-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 01 Dec 2017 23:36:03 GMT).


Added tag(s) fixed-upstream. Request was from bts-link-upstream@lists.alioth.debian.org to control@bugs.debian.org. (Thu, 22 Feb 2018 17:09:29 GMT).


Reply sent to Bas Couwenberg <sebastic@debian.org>:
You have taken responsibility. (Tue, 01 May 2018 21:45:03 GMT).


Notification sent to Henri Salo <henri@nerv.fi>:
Bug acknowledged by developer. (Tue, 01 May 2018 21:45:03 GMT).


Message #18 received at 883247-close@bugs.debian.org:

From: Bas Couwenberg <sebastic@debian.org>
To: 883247-close@bugs.debian.org
Subject: Bug#883247: fixed in icinga2 2.8.4-1~exp1
Date: Tue, 01 May 2018 21:42:21 +0000
Source: icinga2
Source-Version: 2.8.4-1~exp1

We believe that the bug you reported is fixed in the latest version of
icinga2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 883247@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bas Couwenberg <sebastic@debian.org> (supplier of updated icinga2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Tue, 01 May 2018 20:38:14 +0200
Source: icinga2
Binary: icinga2 icinga2-common icinga2-bin icinga2-doc icinga2-classicui icinga2-ido-mysql icinga2-ido-pgsql libicinga2 icinga2-studio vim-icinga2
Architecture: source amd64 all
Version: 2.8.4-1~exp1
Distribution: experimental
Urgency: medium
Maintainer: Debian Nagios Maintainer Group <pkg-nagios-devel@lists.alioth.debian.org>
Changed-By: Bas Couwenberg <sebastic@debian.org>
Description:
 icinga2    - host and network monitoring system
 icinga2-bin - host and network monitoring system - daemon
 icinga2-classicui - host and network monitoring system - classic UI
 icinga2-common - host and network monitoring system - common files
 icinga2-doc - host and network monitoring system - documentation
 icinga2-ido-mysql - host and network monitoring system - MySQL support
 icinga2-ido-pgsql - host and network monitoring system - PostgreSQL support
 icinga2-studio - host and network monitoring system - studio API GUI
 libicinga2 - host and network monitoring system - internal libraries
 vim-icinga2 - syntax highlighting for Icinga 2 config files in VIM
Closes: 883247 891333 897301
Changes:
 icinga2 (2.8.4-1~exp1) experimental; urgency=medium
 .
   * Team upload.
 .
   [ Bas Couwenberg ]
   * New upstream release.
     - CVEs fixes in 2.8.2:
       CVE-2017-16933, CVE-2018-6532, CVE-2018-6533,
       CVE-2018-6534,  CVE-2018-6535, CVE-2018-6536
     (closes: #897301, #891333, #883247)
   * Add gbp.conf to use pristine-tar by default.
   * Update copyright file, changes:
     - Update copyright years for Icinga Development Team.
     - Use stand-alone license paragraphs
     - Add license & copyright for socketpair
   * Restructure control file with cme.
   * Change priority from extra to optional.
   * Sort (build) dependencies.
   * Drop obsolete dbg package.
   * Update Vcs-* URLs for Salsa.
   * Update copyright format URL to use HTTPS.
   * Update various debian.org & icinga.com URLs to use HTTPS.
   * Bump Standards-Version to 4.1.4, changes: priority, copyright format.
   * Enable parallel globally.
   * Simplify 'disable unity builds' rules.
   * Drop obsolete dh-systemd build dependency.
   * Use DEB_BUILD_ARCH instead of DEB_HOST_ARCH, and not unconditionally.
   * Drop obsolete mysql (build) dependency alternatives.
   * Strip trailing whitespace from changelog.
   * Enable all hardening buildflags.
   * Add patch to fix spelling errors.
   * Move spelling-error-in-binary override from icinga2-bin to libicinga2.
   * Drop unused overrides for apache2-deprecated-auth-config.
   * Move rm_conffile from prerm to postrm.
   * Update systemd service file, changes:
     - Remove obsolete syslog.target
     - Add Documentation key
   * Add lintian overrides for hardening-no-fortify-functions.
   * Override dh_missing to use --list-missing.
   * Sort rules in order of execution.
   * Reorder and align install files.
   * Install IDO SQL files from debian/tmp.
   * Explicitly remove files not included in any package.
 .
   [ Dimitri John Ledkov ]
   * Make sure icinga2-common has /etc/icinga2/pki folder, which appears to
     still be in use.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 14:18:54 2019; Machine Name: beach
