Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2019-3461

Опубликовано: 04 фев. 2019
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 4.4
CVSS3: 7

Описание

Debian tmpreaper version 1.6.13+nmu1 has a race condition when doing a (bind) mount via rename() which could result in local privilege escalation. Mounting via rename() could potentially lead to a file being placed elsewhereon the filesystem hierarchy (e.g. /etc/cron.d/) if the directory being cleaned up was on the same physical filesystem. Fixed versions include 1.6.13+nmu1+deb9u1 and 1.6.14.

РелизСтатусПримечание
bionic

released

1.6.13+nmu1+deb9u1build0.18.04.1
cosmic

ignored

end of life
devel

not-affected

1.6.14
disco

not-affected

1.6.14
eoan

not-affected

1.6.14
esm-apps/bionic

released

1.6.13+nmu1+deb9u1build0.18.04.1
esm-apps/focal

not-affected

1.6.14
esm-apps/jammy

not-affected

1.6.14
esm-apps/noble

not-affected

1.6.14
esm-apps/xenial

released

1.6.13+nmu1+deb9u1build0.16.04.1

Показывать по

Ссылки на источники

EPSS

Процентиль: 16%
0.00052
Низкий

4.4 Medium

CVSS2

7 High

CVSS3

Связанные уязвимости

nvd логотип

CVE-2019-3461

CVSS3: 7
nvd
около 7 лет назад

Debian tmpreaper version 1.6.13+nmu1 has a race condition when doing a (bind) mount via rename() which could result in local privilege escalation. Mounting via rename() could potentially lead to a file being placed elsewhereon the filesystem hierarchy (e.g. /etc/cron.d/) if the directory being cleaned up was on the same physical filesystem. Fixed versions include 1.6.13+nmu1+deb9u1 and 1.6.14.

debian логотип

CVE-2019-3461

CVSS3: 7
debian
около 7 лет назад

Debian tmpreaper version 1.6.13+nmu1 has a race condition when doing a ...

github логотип

GHSA-qwp6-cgv8-84vv

CVSS3: 7
github
больше 3 лет назад

Debian tmpreaper version 1.6.13+nmu1 has a race condition when doing a (bind) mount via rename() which could result in local privilege escalation. Mounting via rename() could potentially lead to a file being placed elsewhereon the filesystem hierarchy (e.g. /etc/cron.d/) if the directory being cleaned up was on the same physical filesystem. Fixed versions include 1.6.13+nmu1+deb9u1 and 1.6.14.

fstec логотип

BDU:2019-01255

CVSS3: 7
fstec
больше 7 лет назад

Уязвимость в программном обеспечении tmpreaper, связанная с одновременным выполнением с использованием общего ресурса с неправильной синхронизацией, позволяющая нарушителю повысить свои привилегии

EPSS

Процентиль: 16%
0.00052
Низкий

4.4 Medium

CVSS2

7 High

CVSS3