PT-2018-2638 · Debian+1 · Tmpreaper+1

Stephen Roettger · Published 2018-10-23 · Updated 2019-07-29 · CVE-2019-3461

CVSS v3.1: 7.0 (High)

Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

tmpreaper versions prior to 1.6.13+nmu1+deb9u1
tmpreaper versions prior to 1.6.14

Description

The issue is related to a race condition when performing a mount via rename() in tmpreaper, potentially allowing an attacker to escalate privileges or place files in arbitrary locations within the file system hierarchy. This could include sensitive areas such as /etc/cron.d/ if the directory being cleaned up is on the same physical filesystem.

Recommendations

For tmpreaper versions prior to 1.6.13+nmu1+deb9u1, update to version 1.6.13+nmu1+deb9u1 or later.
For tmpreaper versions prior to 1.6.14, update to version 1.6.14 or later.

Fix · LPE · Race Condition


Weakness Enumeration

Related Identifiers

BDU:2019-01255
CVE-2019-3461
DLA-1640-1
DSA-4365-1
USN-4077-1

Affected Products

Ubuntu
Tmpreaper