CVE-2019-12779

Опубликовано: 07 июн. 2019

Источник: debian

EPSS Низкий

Описание

libqb before 1.0.5 allows local users to overwrite arbitrary files via a symlink attack, because it uses predictable filenames (under /dev/shm and /tmp) without O_EXCL.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
libqb	fixed	1.0.4-1		package
libqb	end-of-life		jessie	package

Примечания

https://github.com/ClusterLabs/libqb/issues/338
https://github.com/ClusterLabs/libqb/commit/6a4067c1d1764d93d255eccecfd8bf9f43cb0b4d
Regression fix: https://github.com/ClusterLabs/libqb/pull/349
Neutralised by kernel hardening

EPSS

Процентиль: 9%

0.00032

Низкий

Связанные уязвимости

CVE-2019-12779

CVSS3: 7.1

ubuntu

больше 6 лет назад

libqb before 1.0.5 allows local users to overwrite arbitrary files via a symlink attack, because it uses predictable filenames (under /dev/shm and /tmp) without O_EXCL.

CVE-2019-12779

CVSS3: 6.5

redhat

почти 7 лет назад

libqb before 1.0.5 allows local users to overwrite arbitrary files via a symlink attack, because it uses predictable filenames (under /dev/shm and /tmp) without O_EXCL.

CVE-2019-12779

CVSS3: 7.1

nvd

больше 6 лет назад

libqb before 1.0.5 allows local users to overwrite arbitrary files via a symlink attack, because it uses predictable filenames (under /dev/shm and /tmp) without O_EXCL.

openSUSE-SU-2019:1752-1

suse-cvrf

больше 6 лет назад

Security update for libqb

openSUSE-SU-2019:1718-1

suse-cvrf

больше 6 лет назад

Security update for libqb

EPSS

Процентиль: 9%

0.00032

Низкий