Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 638686 (CVE-2017-16933) - <net-analyzer/icinga2-2.8.2: root privilege escalation via prepare-dirs (systemd service)
Summary: <net-analyzer/icinga2-2.8.2: root privilege escalation via prepare-dirs (syst...
Alias: CVE-2017-16933
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
Whiteboard: B1 [cve]
Depends on:
Reported: 2017-11-24 13:55 UTC by Michael Orlitzky
Modified: 2020-08-05 01:41 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Michael Orlitzky gentoo-dev 2017-11-24 13:55:41 UTC
The icinga2 systemd service file allows the unprivileged $ICINGA2_USER to gain root privileges by replacing the target of "chown" with a link. The vulnerability itself is in another script called "prepare-dirs" that is executed before starting the systemd service.

Our OpenRC service script is not vulnerable.

This hasn't been fixed upstream yet, but my recommendation is that the $ICINGA2_USER and $ICINGA2_GROUP runtime variables be eliminated. Trying to change an in-use UID/GID on a live system is fraught with dangers like these.
Comment 1 D'juan McDonald (domhnall) 2019-07-17 02:52:14 UTC
Upsteam has fixed issue in: with

Tree looks good!

Keywords for net-analyzer/icinga2:
       |                               a   |       |  
       |                               m   |       |  
       |                               d x |       |  
       |                               6 8 |       |  
       |                               4 6 |   u   |  
       | a a   a     p r           s   | | |   n   |  
       | l m   r i   p i   h m s   p m f f | e u s | r
       | p d a m a p c s x p 6 3   a i b b | a s l | e
       | h 6 r 6 6 p 6 c 8 p 8 9 s r p s s | p e o | p
       | a 4 m 4 4 c 4 v 6 a k 0 h c s d d | i d t | o
2.10.5 | o + ~ ~ o ~ ~ o + o o o o o o o o | 6 o 0 | gentoo
  9999 | o o o o o o o o o o o o o o o o o | 6 o   | gentoo

@security please proceed.
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2020-06-23 06:40:21 UTC
Upstream's first release with the fix-commit is v2.8.2. Tree was clean with our commit dfff36d5a809ea50f80c1a0b21e2469236399e34:

commit dfff36d5a809ea50f80c1a0b21e2469236399e34
Author: Matthew Thode <>
Date:   Thu Mar 22 12:17:01 2018 -0500

    net-analyzer/icinga2: 2.8.2 stable amd64 x86 ppc ppc64

    removed 2.8.1, fast stable with removal for the following CVEs

    CVE-2017-16933, CVE-2018-6532, CVE-2018-6533,
    CVE-2018-6534, CVE-2018-6535, CVE-2018-6536

    Package-Manager: Portage-2.3.24, Repoman-2.3.6

 delete mode 100644 net-analyzer/icinga2/icinga2-2.8.1.ebuild
Comment 3 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-08-05 01:41:10 UTC
Let's just close it then, the tree has been clean for a good while.