Vulnerability CVE-2019-12779
Published: 2019-06-07

Description:
libqb before 1.0.5 allows local users to overwrite arbitrary files via a symlink attack, because it uses predictable filenames (under /dev/shm and /tmp) without O_EXCL.

Type: CWE-59 (Improper Link Resolution Before File Access ('Link Following'))

Vendor: Clusterlabs
Product: Libqb
Versions:
1.0.4
1.0.3
1.0.2
1.0.1
1.0
0.9.0
0.8.1
0.8.0
0.7.0
0.6.0
0.5.1
0.5.0
0.4.1
0.4.0
0.3.0
0.2.0
0.17.2
0.17.1
0.17.0
0.16.0
0.15.0
0.14.4
0.14.3
0.14.2
0.14.1
0.14.0
0.13.0
0.12.0
0.11.1
0.11.0
0.10.1
0.10.0
0.1.0

CVSS2 => (AV:L/AC:L/Au:N/C:N/I:C/A:C)

CVSS Base Score:         6.6/10
Impact Subscore:         9.2/10
Exploitability Subscore: 3.9/10

Exploit range:           Local
Attack complexity:       Low
Authentication:          Not required

Confidentiality impact:  None
Integrity impact:        Complete
Availability impact:     Complete

References:
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00017.html
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00027.html
http://www.securityfocus.com/bid/108691
https://bugzilla.redhat.com/show_bug.cgi?id=1695948
https://github.com/ClusterLabs/libqb/issues/338
https://github.com/ClusterLabs/libqb/releases/tag/v1.0.4
https://github.com/ClusterLabs/libqb/releases/tag/v1.0.5

Related CVE
CVE-2019-10153
A flaw was discovered in fence-agents, prior to version 4.3.4, where using non-ASCII characters in a guest VM's comment or other fields would cause fence_rhevm to exit with an exception. In cluster environments, this could lead to preventing automate...
CVE-2019-3885
A use-after-free flaw was found in pacemaker up to and including version 2.0.1 which could result in certain sensitive information to be leaked via the system logs.
CVE-2018-16878
A flaw was found in pacemaker up to and including version 2.0.1. An insufficient verification inflicted preference of uncontrolled processes can lead to DoS
CVE-2018-16877
A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0. A local attacker could use this flaw, and combine it with other IPC weaknesses, to achieve local privilege escalation.
CVE-2016-7035
An authorization flaw was found in Pacemaker before 1.1.16, where it did not properly guard its IPC interface. An attacker with an unprivileged account on a Pacemaker node could use this flaw to, for example, force the Local Resource Manager daemon t...
CVE-2018-1086
pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass. REST interface of the pcsd service did not properly remove the pcs debug argument from the /run_pcs query, possibly disclosing sensitive information. A remote att...
CVE-2018-1079
pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escalation via authorized user malicious REST call. The REST interface of the pcsd service did not properly sanitize the file name from the /remote/put_file query. If the /etc/booth dir...
CVE-2016-0720
Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs before 0.9.149.

Copyright 2019, cxsecurity.com
