LSE discovers vulnerability in Check_MK agent

Lesezeit: 1 Minute

While conducting a penetration test LSE security experts Markus Vervier and Sascha Kettler discovered that the Check_MK agent processes files from a directory with mode 1777.

A local user may access file contents he normally would not have access to.

Affected Versions

Check_MK agent for Linux since Git commit 7e9088c09963cb2e76030e8b645607692ec56011 until Release v1.2.5i2p1

Read more in the corresponding Security Advisory

Von |2014-05-27T15:50:27+00:0027. Mai, 2014 um 15:50 Uhr|KEYIDENTITY|Noch keine Kommentare

Über den Autor: