VYPR
Medium severity5.5OSV Advisory· Published Feb 2, 2018· Updated Jun 17, 2026

CVE-2018-6536

CVE-2018-6536

Description

An issue was discovered in Icinga 2.x through 2.8.1. The daemon creates an icinga2.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for icinga2.pid modification before a root script executes a "kill cat /pathname/icinga2.pid" command, as demonstrated by icinga2.init.d.cmake.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Icinga/IcingaOSV2 versions
    v2.0.0, v2.0.1, v2.0.2, …+ 1 more
    • (no CPE)range: v2.0.0, v2.0.1, v2.0.2, …
    • (no CPE)range: >=2.0, <=2.8.1

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.