Description
Privilege escalation in Checkmk versions 2.5.0 before 2.5.0p9, 2.4.0 before 2.4.0p34, 2.3.0 before 2.3.0p49, and 2.2.0 (EOL) allows a local unprivileged user to execute arbitrary commands as root by starting a process crafted to look like a SAP HANA instance. Without an explicit database configuration, the mk_sap_hana agent plugin derives instance identifiers from the process list and uses them to build a command executed with elevated privileges (requires the plugin to run as root with RUNAS=agent).
Problem types
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Product status
2.5.0 (semver) before 2.5.0p9
2.4.0 (semver) before 2.4.0p34
2.3.0 (semver) before 2.3.0p49
2.2.0 (semver)
References
checkmk.com/werk/20104