PT-2019-16616 · Facebook · Osquery

Publicado

2019-06-03

Atualizado

2020-03-06

CVE-2019-3567

CVSS v2.0

9.3

Alta

Vetor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions osquery versions prior to 3.4.0

Description The issue allows an attacker to inject a new executable path into the extensions.load file for osquery and hard link a parent folder of a malicious binary to a folder with known 'safe' permissions. Under those circumstances, osquery will load the malicious executable with SYSTEM permissions. This is due to a misconfiguration of access rights in osquery for Windows.

Recommendations For osquery versions prior to 3.4.0, migrate installations to the 'Program Files' directory on Windows, which restricts unprivileged write access.

Correção

Improper Access Control

Link Following

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-284CWE-59

Identificadores relacionados

CVE-2019-3567

Produtos afetados

Osquery

PT-2019-16616 · Facebook · Osquery

CVE-2019-3567

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6