CVE-2017-16882
First published: Sat Nov 18 2017(Updated: )
Icinga Core through 1.14.0 initially executes bin/icinga as root but supports configuration options in which this file is owned by a non-root account (and similarly can have etc/icinga.cfg owned by a non-root account), which allows local users to gain privileges by leveraging access to this non-root account, a related issue to CVE-2017-14312. This also affects bin/icingastats, bin/ido2db, and bin/log2ido.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Icinga Icinga | <=1.14.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-16882?
The severity of CVE-2017-16882 is high.
How does CVE-2017-16882 affect Icinga Core?
CVE-2017-16882 affects Icinga Core versions up to and including 1.14.0.
How can local users exploit CVE-2017-16882?
Local users can gain privileges by leveraging access to non-root files, such as bin/icinga and etc/icinga.cfg.
Are there any fixes for CVE-2017-16882?
There are no specific fixes mentioned in the references provided.
Where can I find more information about CVE-2017-16882?
You can find more information about CVE-2017-16882 on the GitHub issue page (https://github.com/Icinga/icinga-core/issues/1601) and the Gentoo security advisory (https://security.gentoo.org/glsa/202007-31).
- collector/nvd-index
- agent/type
- vendor/icinga
- canonical/icinga icinga
- version/icinga icinga/1.14.0