The authors of the monitoring solution checkmk have fixed security gaps in three plugins and released updates. Two of the patches fix an unwanted escalation of privileges to the root user; the third makes an overly talkative plugin more discreet in the process list.
The checkmk plugin for monitoring Informix databases gives attackers a starting point to execute their own code with root privileges on an affected server. The cause is insecure handling of input from the file $INFORMIXDIR/bin/onstat. The bug, which carries the CVE ID CVE-2024-28824, is rated high risk with a CVSSv3 score of 8.8/10, as the checkmk developers write in their security notice.
A similar problem lurks in the mk_oracle plugin, which is intended for monitoring the databases of the same name. An attacker can replace the programs sqlplus, tnsping and crsctl that the plugin calls; mk_oracle then executes the manipulated files with root rights. According to the checkmk team, this bug is also high risk (CVSS 8.2) and carries the CVE ID CVE-2024-0638.
Another bug in the Oracle plugin is less dangerous (CVSS 3.8). The plugin calls the sqlplus binary and passes it the credentials for the Oracle server on the command line. Other users of the monitoring server could therefore read the credentials, including the password, from the process list, which was enough to warrant the CVE ID CVE-2024-1742.
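Both bug classes above (a root-privileged plugin executing a replaceable binary, and a secret passed on the command line) can be checked for on a monitoring host. The following is an added example, not checkmk's own code or its fix; it assumes POSIX sh with GNU find, grep and tr, and the `demo` function builds a constructed plugin directory and a constructed `/proc` tree.

```shell
#!/bin/sh
# Added example, not checkmk's own code: two defender-side checks for the two
# bug classes in this article. Assumes POSIX sh plus GNU find/grep/tr.

# safe_binary PATH
# Before a root-privileged plugin runs a tool located via an environment
# variable (e.g. "$INFORMIXDIR/bin/onstat" or "$ORACLE_HOME/bin/sqlplus"),
# require: a regular file (symlinks rejected), owned by the invoking uid,
# and neither the file nor its directory writable by group or others.
# Returns 0 when all checks pass, 1 otherwise.
safe_binary() {
    [ -n "$1" ] || return 1
    dir=$(dirname "$1")
    # find does not follow symlinks by default, so a symlink fails -type f
    [ -n "$(find "$1" -maxdepth 0 -type f -uid "$(id -u)" ! -perm /022 2>/dev/null)" ] || return 1
    [ -n "$(find "$dir" -maxdepth 0 -type d ! -perm /022 2>/dev/null)" ]
}

# argv_secrets [PROCDIR]
# Prints the PID of every process whose command line carries an Oracle-style
# "user/password@db" connect string, i.e. a credential readable by any local
# user through ps (the CVE-2024-1742 pattern). PROCDIR defaults to /proc; a
# constructed tree of <pid>/cmdline files can be passed instead.
argv_secrets() {
    procdir=${1:-/proc}
    for f in "$procdir"/[0-9]*/cmdline; do
        [ -r "$f" ] || continue
        if tr '\000' ' ' < "$f" | grep -Eq '(^| )[^ /@]+/[^ /@]+@[^ ]+'; then
            basename "$(dirname "$f")"
        fi
    done
}

# demo: constructed plugin directory and constructed /proc tree
demo() {
    t=$(mktemp -d)
    mkdir -p "$t/bin" "$t/proc/4242"
    chmod 755 "$t/bin"
    printf '#!/bin/sh\n' > "$t/bin/onstat" && chmod 755 "$t/bin/onstat"
    safe_binary "$t/bin/onstat" && echo "onstat: ok to execute"
    chmod 775 "$t/bin/onstat"   # now group-writable: replaceable by others
    safe_binary "$t/bin/onstat" || echo "onstat: refusing, writable by group"
    printf 'sqlplus\000-S\000scott/tiger@orcl\000' > "$t/proc/4242/cmdline"
    echo "processes leaking credentials: $(argv_secrets "$t/proc")"
    rm -rf "$t"
}
demo
```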
Updates to current patch levels
All three bugs affect the community variant “checkmk raw” in versions 2.0.0, 2.1.0, 2.2.0 and 2.3.0 (beta); they are fixed in 2.1.0p41, 2.2.0p24, 2.3.0b4 and 2.4.0b1. Admins who use the affected plugins should schedule an update.
Checkmk last fixed several high-risk security gaps in January.
(cku)