CVE-2018-6533
First published: Tue Feb 27 2018(Updated: )
An issue was discovered in Icinga 2.x through 2.8.1. By editing the init.conf file, Icinga 2 can be run as root. Following this the program can be used to run arbitrary code as root. This was fixed by no longer using init.conf to determine account information for any root-executed code (a larger issue than CVE-2017-16933).
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Icinga Icinga | >=2.0.0<=2.8.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-6533?
CVE-2018-6533 is a vulnerability in Icinga 2.x through 2.8.1 that allows arbitrary code execution as root.
How can the CVE-2018-6533 vulnerability be exploited?
The CVE-2018-6533 vulnerability can be exploited by editing the init.conf file in Icinga 2.x through 2.8.1, allowing the program to be run as root and execute arbitrary code.
What is the severity of CVE-2018-6533?
The severity of CVE-2018-6533 is rated as high (CVSS score: 7.8).
What software versions are affected by CVE-2018-6533?
Icinga 2.x versions between 2.0.0 and 2.8.1 are affected by CVE-2018-6533.
How was CVE-2018-6533 fixed?
CVE-2018-6533 was fixed by no longer using the init.conf file to determine account information for any root-executed code.
- collector/nvd-index
- agent/severity
- agent/author
- agent/references
- agent/description
- agent/type
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/icinga
- canonical/icinga icinga
- version/icinga icinga/2.0.0
- version/icinga icinga/2.8.1