Local Privilege Escalation in Debian tmpreaper by The Debian Project
CVE-2019-3461

7HIGH

Key Information:

Vendor
Debian Gnu/linux
Status
Tmpreaper
Vendor
CVE Published:
4 February 2019

Summary

A race condition exists in Debian's tmpreaper, specifically in versions 1.6.13+nmu1, where improper handling of bind mounts via rename() can lead to a local privilege escalation. This flaw can result in files being incorrectly placed in sensitive areas of the filesystem, such as /etc/cron.d/, during cleanup operations. It is crucial for users of affected versions to upgrade to fixed releases to mitigate potential exploitation risks.

Affected Version(s)

tmpreaper 1.6.13+nmu1

References

https://lists.debian.org/debian-lts-announce/2019/01/msg0...
mailing-listx_refsource_MLIST
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918956
x_refsource_MISC
https://lists.debian.org/debian-security-announce/2019/ms...
vendor-advisoryx_refsource_DEBIAN

CVSS V3.1

Score:
7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.