CVE-2019-19041

Name of the Vulnerable Software and Affected Versions Xorux Lpar2RRD versions 6.11 Stor2RRD versions 2.61 Xorux version 2.41

Description An issue was discovered where the integrity of an upgrade package is not correctly verified before processing. This allows official upgrade packages to be modified, enabling the injection of an arbitrary Bash script that will be executed by the system. The modification can be achieved by altering values in the files.SUM file and injecting malicious code into the upgrade.sh file.

Recommendations For Xorux Lpar2RRD version 6.11, consider disabling the upgrade functionality until a patch is available. For Stor2RRD version 2.61, restrict access to the upgrade.sh file to minimize the risk of exploitation. For Xorux version 2.41, avoid using the modified files.SUM file for integrity control until the issue is resolved.