Revision Date: | 2017-11-18 | Version: | 1 | Title: | CVE-2017-16882 on Ubuntu 16.04 LTS (xenial) - untriaged. | Description: | Icinga Core through 1.14.0 initially executes bin/icinga as root but supports configuration options in which this file is owned by a non-root account (and similarly can have etc/icinga.cfg owned by a non-root account), which allows local users to gain privileges by leveraging access to this non-root account, a related issue to CVE-2017-14312. This also affects bin/icingastats, bin/ido2db, and bin/log2ido.
| Family: | unix | Class: | vulnerability | Status: | | Reference(s): | CVE-2017-16882
| Platform(s): | Ubuntu 16.04 LTS
| Product(s): | | Definition Synopsis | Ubuntu 16.04 LTS (xenial) is installed. AND Package Information
NOT icinga package in xenial, while related to the CVE in some way, is not affected (note: 'files are owned by root').
OR NOT icinga-cgi package in xenial, while related to the CVE in some way, is not affected (note: 'files are owned by root').
OR NOT icinga-cgi-bin package in xenial, while related to the CVE in some way, is not affected (note: 'files are owned by root').
OR NOT icinga-common package in xenial, while related to the CVE in some way, is not affected (note: 'files are owned by root').
OR NOT icinga-core package in xenial, while related to the CVE in some way, is not affected (note: 'files are owned by root').
OR NOT icinga-idoutils package in xenial, while related to the CVE in some way, is not affected (note: 'files are owned by root').
|
|