CVE-2012-3441

Severity

75%

Complexity

99%

Confidentiality

106%

The database creation script (module/idoutils/db/scripts/create_mysqldb.sh) in Icinga 1.7.1 grants access to all databases to the icinga user, which allows icinga users to access other databases via unspecified vectors.

The database creation script (module/idoutils/db/scripts/create_mysqldb.sh) in Icinga 1.7.1 grants access to all databases to the icinga user, which allows icinga users to access other databases via unspecified vectors.

CVSS 2.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).

Overview

First reported 12 years ago

2012-08-25 10:29:00

Last updated 7 years ago

2017-08-29 01:31:00

Affected Software

Icinga 1.7.1

1.7.1

References

openSUSE-SU-2012:0968

[oss-security] 20120730 CVE Request: icinga sample db creation scripts

[oss-security] 20120730 Re: CVE Request: icinga sample db creation scripts

https://bugzilla.novell.com/show_bug.cgi?id=767319

icinga-database-sec-bypass(78874)

https://git.icinga.org/?p=icinga-core.git;a=commitdiff;h=712813d3118a5b9e5a496179cab81dbe91f69d63

Exploit, Patch

https://git.icinga.org/?p=icinga-core.git;a=commitdiff;h=dcd45fb6931c4abf710829bee21af09f842bc281

Exploit, Patch

https://git.icinga.org/?p=icinga-doc.git;a=commitdiff;h=619a08ca1178144b8a3a5caafff32a2d3918edab

Exploit, Patch

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.