[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] icinga2: CVE-2020-14004: prepare-dirs script allows for symlink attack in the ici
From: Michael Orlitzky <michael () orlitzky ! com>
Date: 2020-06-12 12:16:23
Message-ID: 34ddbebf-ee5e-a8de-918b-bc9878352e84 () orlitzky ! com
[Download RAW message or body]
On 2020-06-12 05:54, Matthias Gerstner wrote:
> Hello list,
>
> during the review of directories with special permissions in openSUSE
> distributions I noticed an icinga user privilege escalation issue in the
> icinga2 monitoring software [1].
face -> palm
https://github.com/Icinga/icinga2/issues/5793
> But it could still turn out to be subject to
> race conditions on older or alternative `chown` implementations. It
> would also be problematic if the Linux kernel hardlink protection is
> turned off for some reason.
Hardlink protection is off by default in the vanilla kernel.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic