
Werk #11263: Fix piggyback path traversal

Component: Core & Setup
Title: Fix piggyback path traversal
Date: 2020-08-14 13:47:23
Checkmk Edition: Checkmk Raw Edition (CRE)
Checkmk Version: 2.0.0i1, 1.6.0p16, 1.5.0p25
Level: Prominent Change
Class: Security Fix
Compatibility: Incompatible - Manual interaction might be required

In previous versions it was possible to create files in the querying Checkmk site by modifying or extending an agent on a monitored system.

An attacker who had gained enough rights on a monitored system to extend its agent could therefore, with certain modifications of the agent, create and modify files in the monitoring Checkmk site. Those files were created or modified with the rights of the Checkmk site user.

This problem is now solved by a stricter validation of the hostnames of piggybacked hosts. With this change only these characters are allowed in piggybacked hostnames: 0-9a-zA-Z_.- . These are exactly the characters that Checkmk normally allows when creating hostnames. A special feature of piggyback hostnames is that illegal hostnames are replaced by "_".

As a consequence, piggyback hosts whose names contain characters that are now invalid will have to be created differently after this change so that they can continue to be monitored.
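The following is an added example, not Checkmk's own code, showing how the hostname rule described in this Werk can be applied when agent output is split into piggyback sections and when the per-host data directory is chosen. It assumes the agent marks piggyback sections with `<<<<hostname>>>>` and ends them with an empty `<<<<>>>>` marker, that piggyback data lives under `<root>/<target host>/<source host>`, and that the "_" replacement is applied per illegal character (the Werk text does not say at which granularity it happens, so that detail is an assumption here). The sample agent output is constructed. The containment check at the end is an extra defence-in-depth step, not something the Werk describes.

```python
import re
from pathlib import Path

# Character set from Werk #11263: only 0-9a-zA-Z_.- may appear in a
# piggybacked hostname; anything else becomes "_".
ALLOWED_HOSTNAME_CHARS = r"0-9a-zA-Z_.\-"
_ILLEGAL_CHAR = re.compile(r"[^" + ALLOWED_HOSTNAME_CHARS + r"]")

# Assumed section marker format: "<<<<hostname>>>>"; "<<<<>>>>" ends a section.
_PIGGYBACK_HEADER = re.compile(r"^<<<<(.*)>>>>$")


def sanitize_piggyback_hostname(raw: str) -> str:
    """Replace every character outside the allowed set with '_'.

    Assumption: replacement is per character, so the output has the same
    length as the input and consists only of allowed characters.
    """
    return _ILLEGAL_CHAR.sub("_", raw)


def is_valid_piggyback_hostname(name: str) -> bool:
    """True if the name is non-empty and already uses only allowed characters."""
    return bool(name) and _ILLEGAL_CHAR.search(name) is None


def split_piggyback_sections(agent_output: str) -> dict:
    """Group agent output lines by sanitized piggybacked hostname.

    Lines outside any <<<<host>>>> block belong to the source host itself
    and are stored under the key "".
    """
    sections = {}
    current = ""
    for line in agent_output.splitlines():
        match = _PIGGYBACK_HEADER.match(line)
        if match:
            raw = match.group(1)
            current = sanitize_piggyback_hostname(raw) if raw else ""
            continue
        sections.setdefault(current, []).append(line)
    return sections


def piggyback_target_path(piggyback_root: str, hostname: str, source_host: str) -> str:
    """Return <root>/<sanitized target>/<sanitized source> as a string.

    Both names are sanitized first; "." and ".." are rejected because they
    consist of allowed characters yet are not usable directory names, and a
    final containment check refuses any result that would leave the root.
    """
    root = Path(piggyback_root)
    target = sanitize_piggyback_hostname(hostname)
    source = sanitize_piggyback_hostname(source_host)
    for name in (target, source):
        if name in ("", ".", ".."):
            raise ValueError("unusable piggyback hostname: %r" % name)
    path = root / target / source
    # resolve(strict=False) normalizes without requiring the path to exist.
    if root.resolve() not in path.resolve().parents:
        raise ValueError("piggyback path would escape %s" % root)
    return str(path)


# Constructed sample agent output: the second block carries a target
# hostname with characters outside the allowed set.
SAMPLE_AGENT_OUTPUT = """<<<check_mk>>>
Version: 1.6.0p16
<<<<vm-db 01/x>>>>
<<<uptime>>>
12345
<<<<>>>>
<<<df>>>
"""

if __name__ == "__main__":
    for host, lines in split_piggyback_sections(SAMPLE_AGENT_OUTPUT).items():
        print(repr(host), lines)
    print(piggyback_target_path("/srv/example/piggyback", "vm-db 01/x", "agent-host"))
```

Running the block prints the sections keyed by the sanitized name `vm-db_01_x` and a target path that stays beneath the piggyback root; a hostname of `..` is rejected before any directory is touched.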