PT-2019-16616 · Facebook · Osquery

Published

2019-06-03

Updated

2020-03-06

CVE-2019-3567

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions osquery versions prior to 3.4.0

Description The issue allows an attacker to inject a new executable path into the extensions.load file for osquery and hard link a parent folder of a malicious binary to a folder with known 'safe' permissions. Under those circumstances, osquery will load the malicious executable with SYSTEM permissions. This is due to a misconfiguration of access rights in osquery for Windows.

Recommendations For osquery versions prior to 3.4.0, migrate installations to the 'Program Files' directory on Windows, which restricts unprivileged write access.

Fix

Improper Access Control

Link Following

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284CWE-59

Related Identifiers

CVE-2019-3567

Affected Products

Osquery

PT-2019-16616 · Facebook · Osquery

CVE-2019-3567

Weakness Enumeration

Related Identifiers

Affected Products

References · 6