CVE-2019-3461

Published: 04/02/2019 Updated: 29/07/2019
CVSS v2 Base Score: 4.4 | Impact Score: 6.4 | Exploitability Score: 3.4
CVSS v3 Base Score: 7 | Impact Score: 5.9 | Exploitability Score: 1
VMScore: 392
Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

tmpreaper incorrectly handled certain mount operations. A local attacker could possibly use this issue to create arbitrary files, leading to privilege escalation.

Vulnerable Product

debian tmpreaper 1.6.13+nmu1

debian debian linux 8.0

debian debian linux 9.0

Vendor Advisories

Debian Bug report logs - #918956
tmpreaper: CVE-2019-3461
Package: src:tmpreaper
Maintainer for src:tmpreaper is Paul Slootman <paul@debian.org>
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Thu, 10 Jan 2019 21:57:01 UTC
Severity: grave
Tags: security
Found in version tmpreaper/1.6.13+nmu1
Fixed in v ...

tmpreaper could be made to overwrite files as the administrator ...

Github Repositories

PathAuditor

The PathAuditor is a tool meant to find file access related vulnerabilities by auditing libc functions. The idea is roughly as follows: Audit every call to filesystem related libc functions performed by the binary. Check if the path used in the syscall is user-writable. In this case an unprivileged user could have replaced a directory or file with a symlink. Log al