PT-2019-15778 · Shibboleth+2 · Shibboleth Service Provider+2

Johannes Segitz · Published 2019-11-21 · Updated 2024-06-15 · CVE-2019-19191

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Shibboleth Service Provider (SP) versions 3.x before 3.1.0

Description

The package spec file calls chown after installation on files in a directory controlled by the service user. Because of this, a user can escalate to root by pointing symlinks in that directory to sensitive files, such as /etc/shadow.

Recommendations

For Shibboleth Service Provider (SP) versions 3.x before 3.1.0, update to version 3.1.0 or later to resolve the issue.

Exploit

Fix

Link Following

Weakness Enumeration

Related Identifiers

CVE-2019-19191
OPENSUSE-SU-2020:0020-1
OPENSUSE-SU-2020_0020-1
OPENSUSE-SU-2024:11381-1
SUSE-SU-2019:3386-1
SUSE-SU-2019_3386-1
SUSE-SU-2020:0115-1
SUSE-SU-2020_0115-1

Affected Products

Debian
Shibboleth Service Provider
Suse