PT-2019-12939 · Opensuse+4 · Libqb+4

Topimiettinen

Published

2019-04-03

Updated

2021-07-03

CVE-2019-12779

CVSS v3.1

7.1

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions libqb versions prior to 1.0.5

Description The issue allows local users to overwrite arbitrary files via a symlink attack. This is because libqb uses predictable filenames under /dev/shm and /tmp without O EXCL.

Recommendations For versions prior to 1.0.5, update to version 1.0.5 or later to resolve the issue. As a temporary workaround, consider restricting access to /dev/shm and /tmp to minimize the risk of exploitation.

Exploit

Fix

Link Following

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-59

Related Identifiers

ALT-PU-2019-1914

CESA-2019_3610

CESA-2020_1189

CVE-2019-12779

MGASA-2020-0048

OESA-2021-1141

OPENSUSE-SU-2019:1718-1

OPENSUSE-SU-2019:1752-1

OPENSUSE-SU-2019:1891-1

OPENSUSE-SU-2019_1718-1

OPENSUSE-SU-2019_1752-1

OPENSUSE-SU-2024:10974-1

RHSA-2019:3610

RHSA-2019_3610

RHSA-2020:1189

RHSA-2020_1189

SUSE-SU-2019:1791-1

SUSE-SU-2019:1806-1

SUSE-SU-2019:1812-1

SUSE-SU-2019_1791-1

SUSE-SU-2019_1806-1

SUSE-SU-2019_1812-1

Affected Products

Alt Linux

Centos

Red Hat

Suse

Libqb

PT-2019-12939 · Opensuse+4 · Libqb+4

CVE-2019-12779

Weakness Enumeration

Related Identifiers

Affected Products

References · 43