PT-2019-5781 · Isi+1 · Inn+1
Johannes Segitz
·
Published
2019-10-17
·
Updated
2024-06-15
·
CVE-2019-3692
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
inn versions 2.4.2-170.21.3.1 and prior versions
inn versions 2.5.4-lp151.2.47 and prior versions
inn versions 2.6.2-2.2 and prior versions
Description
The issue allows local attackers to escalate from user inn to root via symlink attacks. This is due to incorrect link resolution before accessing a file, which can allow an attacker to gain unauthorized access to protected information and execute arbitrary code.
Recommendations
For inn version 2.4.2-170.21.3.1 and prior versions, update to a version later than 2.4.2-170.21.3.1 to resolve the issue.
For inn version 2.5.4-lp151.2.47 and prior versions, update to a version later than 2.5.4-lp151.2.47 to resolve the issue.
For inn version 2.6.2-2.2 and prior versions, update to a version later than 2.6.2-2.2 to resolve the issue.
As a temporary workaround, consider restricting access to sensitive files and directories to minimize the risk of exploitation.
Exploit
Fix
Link Following
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Suse
Inn