CVE-2019-3461

high

Description

Debian tmpreaper version 1.6.13+nmu1 has a race condition when doing a (bind) mount via rename() which could result in local privilege escalation. Mounting via rename() could potentially lead to a file being placed elsewhereon the filesystem hierarchy (e.g. /etc/cron.d/) if the directory being cleaned up was on the same physical filesystem. Fixed versions include 1.6.13+nmu1+deb9u1 and 1.6.14.

References

https://usn.ubuntu.com/4077-1/

https://lists.debian.org/debian-security-announce/2019/msg00003.html

https://lists.debian.org/debian-lts-announce/2019/01/msg00017.html

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918956

Details

Source: Mitre, NVD

Published: 2019-02-04

Updated: 2019-07-29

Risk Information

CVSS v2

Base Score: 4.4

Vector: CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 7

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High