1101669 – (CVE-2014-0243) CVE-2014-0243 check-mk: arbitrary file disclosure flaw as root

Bug 1101669 (CVE-2014-0243) - CVE-2014-0243 check-mk: arbitrary file disclosure flaw as root

Summary: CVE-2014-0243 check-mk: arbitrary file disclosure flaw as root

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2014-0243
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1101670 1101671
Blocks:
TreeView+	depends on / blocked

Reported:	2014-05-27 17:56 UTC by Vincent Danen
Modified:	2023-05-12 03:31 UTC (History)
CC List:	2 users (show)
Fixed In Version:	check-mk 1.2.5i3
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2014-06-13 18:56:19 UTC
Embargoed:

Attachments	(Terms of Use)

Description Vincent Danen 2014-05-27 17:56:48 UTC

LSE Leading Security Experts GmbH discovered that the Check_MK agent (Nagios plugin) processed files from the /var/lib/check_mk_agent/job directory which had 1777 permissions. The mk-job program did not check whether any files in this directory where symbolic or hard links.  Due to the permissions of this directory, any user could add a symbolic or hard link to any file on the filesystem, and because the Check_MK agent ran as the root user, it could expose arbitrary files via the agent, which exposes all the contents of this directory on TCP port 6556 by default.

This can be worked-around by setting mode 0755 on /var/lib/check_mk_agent/job (removing the sticky bit).

This is described in the upstream bug report [1] and fixed in git [2].

[1] http://mathias-kettner.com/check_mk_werks.php?werk_id=978
[2] http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=a2ef8d00c53ec9cbd05c4ae2f09b50761130e7ce


Acknowledgements:

Red Hat would like to thank LSE Leading Security Experts GmbH for reporting this issue.

Comment 1 Vincent Danen 2014-05-27 17:58:07 UTC

Created check-mk tracking bugs for this issue:

Affects: fedora-all [bug 1101670]
Affects: epel-all [bug 1101671]

Comment 2 Andrea Veri 2014-05-27 19:10:29 UTC

I'll prepare a fix today. Thanks for reporting.

Comment 3 Fedora Update System 2014-06-10 03:08:49 UTC

check-mk-1.2.4p2-2.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 4 Fedora Update System 2014-06-10 03:09:42 UTC

check-mk-1.2.4p2-2.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 5 Fedora Update System 2014-06-14 20:00:54 UTC

check-mk-1.2.4p2-2.el6 has been pushed to the Fedora EPEL 6 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 6 Fedora Update System 2014-06-14 20:01:08 UTC

check-mk-1.2.4p2-2.el5 has been pushed to the Fedora EPEL 5 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.