Oval Definition:oval:com.ubuntu.xenial:def:2017168820000000
Revision Date:2017-11-18Version:1
Title:CVE-2017-16882 on Ubuntu 16.04 LTS (xenial) - untriaged.
Description:Icinga Core through 1.14.0 initially executes bin/icinga as root but supports configuration options in which this file is owned by a non-root account (and similarly can have etc/icinga.cfg owned by a non-root account), which allows local users to gain privileges by leveraging access to this non-root account, a related issue to CVE-2017-14312. This also affects bin/icingastats, bin/ido2db, and bin/log2ido.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2017-16882
Platform(s):Ubuntu 16.04 LTS
Product(s):
Definition Synopsis
  • Ubuntu 16.04 LTS (xenial) is installed.
  • AND Package Information
  • NOT icinga package in xenial, while related to the CVE in some way, is not affected (note: 'files are owned by root').
  • OR NOT icinga-cgi package in xenial, while related to the CVE in some way, is not affected (note: 'files are owned by root').
  • OR NOT icinga-cgi-bin package in xenial, while related to the CVE in some way, is not affected (note: 'files are owned by root').
  • OR NOT icinga-common package in xenial, while related to the CVE in some way, is not affected (note: 'files are owned by root').
  • OR NOT icinga-core package in xenial, while related to the CVE in some way, is not affected (note: 'files are owned by root').
  • OR NOT icinga-idoutils package in xenial, while related to the CVE in some way, is not affected (note: 'files are owned by root').
  • BACK