Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2019-25067

Опубликовано: 09 июн. 2022
Источник: debian

Описание

A vulnerability, which was classified as critical, was found in Podman and Varlink 1.5.1. This affects an unknown part of the component API. The manipulation leads to Remote Privilege Escalation. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-143949 was assigned to this vulnerability.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
libpodfixed3.0.0+dfsg1-1package

Примечания

  • https://vuldb.com/?id.143949

  • https://www.exploit-db.com/exploits/47500

  • exploit demo script on client uses Python podman code which is not in Debian

  • refers to old versions of remote code which never made it to a Debian release

  • issue probably present in all versions with varlink, starting 1.6.2+dfsg-1

  • upstream (Fedora/RedHat) refuses to look into it: https://bugzilla.redhat.com/show_bug.cgi?id=2097496

Связанные уязвимости

ubuntu логотип

CVE-2019-25067

CVSS3: 6.3
ubuntu
больше 3 лет назад

A vulnerability, which was classified as critical, was found in Podman and Varlink 1.5.1. This affects an unknown part of the component API. The manipulation leads to Remote Privilege Escalation. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-143949 was assigned to this vulnerability.

redhat логотип

CVE-2019-25067

CVSS3: 8.1
redhat
больше 6 лет назад

A vulnerability, which was classified as critical, was found in Podman and Varlink 1.5.1. This affects an unknown part of the component API. The manipulation leads to Remote Privilege Escalation. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-143949 was assigned to this vulnerability.

nvd логотип

CVE-2019-25067

CVSS3: 6.3
nvd
больше 3 лет назад

A vulnerability, which was classified as critical, was found in Podman and Varlink 1.5.1. This affects an unknown part of the component API. The manipulation leads to Remote Privilege Escalation. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-143949 was assigned to this vulnerability.

github логотип

GHSA-vjwp-mggj-92gq

CVSS3: 8.8
github
больше 3 лет назад

A vulnerability, which was classified as critical, was found in Podman and Varlink 1.5.1. This affects an unknown part of the component API. The manipulation leads to Privilege Escalation. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.