Jan-Philipp Litza

**Name of the Vulnerable Software and Affected Versions** Checkmk versions 2.2.0p10 through 2.2.0p16 **Description** The issue concerns the usage of user-controlled `LD LIBRARY PATH` in the agent of Checkmk, allowing a malicious Checkmk site user to escalate rights via the injection of malicious libraries. **Recommendations** For Checkmk versions 2.2.0p10 through 2.2.0p16, consider restricting access to the `LD LIBRARY PATH` environment variable to prevent malicious library injections until a patch is available. As a temporary workaround, disabling the use of user-controlled `LD LIBRARY PATH` in the agent can help minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Checkmk versions 1.6.0 through 2.1.0p6 Checkmk version 2.0.0p27 **Description** The issue allows site users to directly interact with the system Apache installation when providing reverse proxy configurations, enabling an attacker to perform remote code execution with root privileges on the underlying host. **Recommendations** For Checkmk versions 1.6.0 through 2.1.0p6, update to a version later than 2.1.0p6 to resolve the issue. For Checkmk version 2.0.0p27, update to a version later than 2.0.0p27 to resolve the issue. As a temporary workaround, consider restricting access to the Apache installation to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Checkmk versions prior to 2.1.0p1 Checkmk versions prior to 2.0.0p25 Checkmk versions prior to 1.6.0p29 **Description** The issue allows a site user to escalate privileges via a manipulated unixcat executable due to an uncontrolled search path element in the Checkmk Agent. **Recommendations** For versions prior to 2.1.0p1, update to version 2.1.0p1 or later. For versions prior to 2.0.0p25, update to version 2.0.0p25 or later. For versions prior to 1.6.0p29, update to version 1.6.0p29 or later.