PT-2020-13832 · Icinga+1 · Icinga2+1

Matthias Gerstner

Published

2020-06-12

Updated

2024-06-15

CVE-2020-14004

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Icinga2 versions prior to 2.12.0-rc1

Description An issue was discovered where the prepare-dirs script, part of the icinga2 systemd service, executes chmod 2750 /run/icinga2/cmd. Since /run/icinga2 is under control of an unprivileged user by default, if /run/icinga2/cmd is a symlink, it will be followed, allowing arbitrary files to be changed to mode 2750 by the unprivileged icinga2 user.

Recommendations For versions prior to 2.12.0-rc1, update to version 2.12.0-rc1 or later to resolve the issue. As a temporary workaround, consider restricting access to the /run/icinga2/cmd directory to prevent the unprivileged icinga2 user from modifying arbitrary files.

Exploit

Fix

Link Following

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-59

Related Identifiers

CVE-2020-14004

OPENSUSE-SU-2020:1820-1

OPENSUSE-SU-2020_1820-1

OPENSUSE-SU-2024:10856-1

SUSE-SU-2022:3725-1

SUSE-SU-2022_3725-1

Affected Products

Icinga2

Suse

PT-2020-13832 · Icinga+1 · Icinga2+1

CVE-2020-14004

Weakness Enumeration

Related Identifiers

Affected Products

References · 35