PT-2019-12939 · Opensuse+4 · Libqb+4

Topimiettinen

Publicado

2019-04-03

Atualizado

2021-07-03

CVE-2019-12779

CVSS v3.1

7.1

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions libqb versions prior to 1.0.5

Description The issue allows local users to overwrite arbitrary files via a symlink attack. This is because libqb uses predictable filenames under /dev/shm and /tmp without O EXCL.

Recommendations For versions prior to 1.0.5, update to version 1.0.5 or later to resolve the issue. As a temporary workaround, consider restricting access to /dev/shm and /tmp to minimize the risk of exploitation.

Exploit

Correção

Link Following

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-59

Identificadores relacionados

ALT-PU-2019-1914

CESA-2019_3610

CESA-2020_1189

CVE-2019-12779

MGASA-2020-0048

OESA-2021-1141

OPENSUSE-SU-2019:1718-1

OPENSUSE-SU-2019:1752-1

OPENSUSE-SU-2019:1891-1

OPENSUSE-SU-2019_1718-1

OPENSUSE-SU-2019_1752-1

OPENSUSE-SU-2024:10974-1

RHSA-2019:3610

RHSA-2019_3610

RHSA-2020:1189

RHSA-2020_1189

SUSE-SU-2019:1791-1

SUSE-SU-2019:1806-1

SUSE-SU-2019:1812-1

SUSE-SU-2019_1791-1

SUSE-SU-2019_1806-1

SUSE-SU-2019_1812-1

Produtos afetados

Alt Linux

Centos

Red Hat

Suse

Libqb

PT-2019-12939 · Opensuse+4 · Libqb+4

CVE-2019-12779

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 43