Your submission was sent successfully! Close

CVE-2012-3441

Published: 25 August 2012

The database creation script (module/idoutils/db/scripts/create_mysqldb.sh) in Icinga 1.7.1 grants access to all databases to the icinga user, which allows icinga users to access other databases via unspecified vectors.

Notes

AuthorNote
ebarretto
Debian uses dbconfig, which does the right thing, bug #683320
Priority

Medium

Status

Package Release Status
icinga
Launchpad, Ubuntu, Debian
artful Ignored
(reached end-of-life)
bionic Not vulnerable

cosmic Not vulnerable

disco Not vulnerable

hardy Does not exist

lucid Does not exist

natty Ignored
(reached end-of-life)
oneiric Ignored
(reached end-of-life)
precise Does not exist
(precise was needed)
quantal Ignored
(reached end-of-life)
raring Ignored
(reached end-of-life)
saucy Ignored
(reached end-of-life)
trusty Does not exist
(trusty was not-affected)
upstream Needs triage

utopic Ignored
(reached end-of-life)
vivid Does not exist

wily Ignored
(reached end-of-life)
xenial Not vulnerable

yakkety Ignored
(reached end-of-life)
zesty Ignored
(reached end-of-life)