CVE-2018-6533 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2018-6533 Interim 1 8 2023-01-20T01:41:16Z current 2021-05-30T14:10:42Z 2023-01-20T01:41:16Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2018-6533 An issue was discovered in Icinga 2.x through 2.8.1. By editing the init.conf file, Icinga 2 can be run as root. Following this the program can be used to run arbitrary code as root. This was fixed by no longer using init.conf to determine account information for any root-executed code (a larger issue than CVE-2017-16933). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Enterprise Storage 4 SUSE Linux Enterprise Module for HPC 12 SUSE Linux Enterprise Module for HPC 12 SUSE Linux Enterprise Module for HPC 12 SUSE Linux Enterprise Module for HPC 12 SUSE Linux Enterprise Module for HPC 12 SUSE Linux Enterprise Module for HPC 12 SUSE Linux Enterprise Module for HPC 12 SUSE Linux Enterprise Module for HPC 12 SUSE Linux Enterprise Module for HPC 12 SUSE Linux Enterprise Module for HPC 12 SUSE Linux Enterprise Module for HPC 12 SUSE Linux Enterprise Module for HPC 12 SUSE Manager Client Tools Beta for SLE 12 SUSE Manager Client Tools for SLE 12 icinga icinga2 icinga2-bin icinga2-common icinga2-doc icinga2-ido-mysql icinga2-ido-pgsql icinga2-libs vim-icinga2 icinga as a component of SUSE Enterprise Storage 4 icinga2 as a component of SUSE Linux Enterprise Module for HPC 12 icinga2-bin as a component of SUSE Linux Enterprise Module for HPC 12 icinga2-common as a component of SUSE Linux Enterprise Module for HPC 12 icinga2-doc as a component of SUSE Linux Enterprise Module for HPC 12 icinga2-ido-mysql as a component of SUSE Linux Enterprise Module for HPC 12 icinga2-ido-pgsql as a component of SUSE Linux Enterprise Module for HPC 12 icinga2-libs as a component of SUSE Linux Enterprise Module for HPC 12 vim-icinga2 as a component of SUSE Linux Enterprise Module for HPC 12 icinga as a component of SUSE Manager Client Tools Beta for SLE 12 icinga as a component of SUSE Manager Client Tools for SLE 12 An issue was discovered in Icinga 2.x through 2.8.1. By editing the init.conf file, Icinga 2 can be run as root. Following this the program can be used to run arbitrary code as root. This was fixed by no longer using init.conf to determine account information for any root-executed code (a larger issue than CVE-2017-16933). CVE-2018-6533 SUSE Enterprise Storage 4:icinga SUSE Manager Client Tools Beta for SLE 12:icinga SUSE Manager Client Tools for SLE 12:icinga SUSE Linux Enterprise Module for HPC 12:icinga2 SUSE Linux Enterprise Module for HPC 12:icinga2-bin SUSE Linux Enterprise Module for HPC 12:icinga2-common SUSE Linux Enterprise Module for HPC 12:icinga2-doc SUSE Linux Enterprise Module for HPC 12:icinga2-ido-mysql SUSE Linux Enterprise Module for HPC 12:icinga2-ido-pgsql SUSE Linux Enterprise Module for HPC 12:icinga2-libs SUSE Linux Enterprise Module for HPC 12:vim-icinga2 important 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H