PT-2012-4714 · Icinga · Icinga
Lars Vogdt · Published 2012-08-25 · Updated 2017-08-29 · CVE-2012-3441
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Icinga version 1.7.1
Description
The database creation script in Icinga grants excessive access to the icinga user, allowing that user to access all databases. This could potentially be exploited via unspecified vectors to access other databases.
Recommendations
For Icinga version 1.7.1, consider restricting the access rights of the icinga user to prevent unauthorized access to other databases. As a temporary workaround, review and modify the database creation script (module/idoutils/db/scripts/create_mysqldb.sh) so that it grants the icinga user only the privileges it needs.
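One way to verify the result of that review is to check the account's `SHOW GRANTS` output for privileges that reach beyond the Icinga database. The following is an added example, not code from Icinga or from this advisory; the database name `icinga`, the host `localhost`, the privilege list and the sample lines are assumptions constructed for illustration.

```python
import re

# Matches one line of MySQL "SHOW GRANTS FOR ..." output.
GRANT_RE = re.compile(
    r"^GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<scope>\S+)\s+TO\s+(?P<grantee>\S+)",
    re.IGNORECASE,
)

def _unquote(s):
    """Strip the backticks or quotes MySQL puts around identifiers."""
    return s.strip("`'\"")

def excessive_grants(show_grants_lines, user, allowed_db):
    """Return (scope, privileges) for each grant to `user` outside `allowed_db`."""
    findings = []
    for line in show_grants_lines:
        m = GRANT_RE.match(line.strip())
        if not m:
            continue
        if _unquote(m.group("grantee").split("@")[0]) != user:
            continue
        privs = m.group("privs").strip().upper()
        if privs == "USAGE":
            # USAGE means "no privileges"; it normally appears on *.*
            continue
        # Database part of the scope, e.g. `icinga`.* -> icinga, *.* -> *
        db = _unquote(m.group("scope").split(".")[0]).replace("\\_", "_")
        if db != allowed_db:
            findings.append((m.group("scope"), privs))
    return findings

# Constructed sample: privileges granted on every database (the weak form).
BROAD = [
    "GRANT USAGE ON *.* TO 'icinga'@'localhost'",
    "GRANT SELECT, INSERT, UPDATE, DELETE ON *.* TO 'icinga'@'localhost'",
]
# Constructed sample: the same privileges scoped to the assumed icinga database.
SCOPED = [
    "GRANT USAGE ON *.* TO 'icinga'@'localhost'",
    "GRANT SELECT, INSERT, UPDATE, DELETE ON `icinga`.* TO 'icinga'@'localhost'",
]

if __name__ == "__main__":
    for name, sample in (("broad", BROAD), ("scoped", SCOPED)):
        print(name, excessive_grants(sample, "icinga", "icinga"))
```

An empty result means every privilege held by the account is confined to the named database; any returned entry is a grant to revoke or re-scope.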
Affected Products
Icinga