CVE-2012-3441

Published: Aug 25, 2012

Modified: Aug 6, 2024

PUBLISHED

Description

The database creation script (module/idoutils/db/scripts/create_mysqldb.sh) in Icinga 1.7.1 grants access to all databases to the icinga user, which allows icinga users to access other databases via unspecified vectors.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[oss-security] 20120730 Re: CVE Request: icinga sample db creation scripts

mailing-list

x_refsource_MLIST

https://git.icinga.org/?p=icinga-core.git%3Ba=commitdiff%3Bh=dcd45fb6931c4abf710829bee21af09f842bc281

x_refsource_CONFIRM

https://git.icinga.org/?p=icinga-core.git%3Ba=commitdiff%3Bh=712813d3118a5b9e5a496179cab81dbe91f69d63

x_refsource_CONFIRM

[oss-security] 20120730 CVE Request: icinga sample db creation scripts

mailing-list

x_refsource_MLIST

icinga-database-sec-bypass(78874)

vdb-entry

x_refsource_XF

https://git.icinga.org/?p=icinga-doc.git%3Ba=commitdiff%3Bh=619a08ca1178144b8a3a5caafff32a2d3918edab

x_refsource_CONFIRM

openSUSE-SU-2012:0968

vendor-advisory

x_refsource_SUSE

https://bugzilla.novell.com/show_bug.cgi?id=767319

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2012-3441

Description

Affected Products

References