CVE-2019-12779
NONE EPSS 46.7%
Published Jun 7, 2019 · Last Modified Jun 17, 2026
Description
libqb before 1.0.5 allows local users to overwrite arbitrary files via a symlink attack, because it uses predictable filenames (under /dev/shm and /tmp) without O_EXCL.
Threat Intelligence
EPSS Exploit Probability
46.7% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available
Weaknesses 1
CWE-59
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| clusterlabs | libqb | * | <1.0.5 |
References 10
- lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00017.html
- lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00027.html
- lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00031.html
- securityfocus.com http://www.securityfocus.com/bid/108691
- access.redhat.com https://access.redhat.com/errata/RHSA-2019:3610
- bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=1695948
- github.com https://github.com/ClusterLabs/libqb/issues/338
- github.com https://github.com/ClusterLabs/libqb/releases/tag/v1.0.4
- github.com https://github.com/ClusterLabs/libqb/releases/tag/v1.0.5
- security.gentoo.org https://security.gentoo.org/glsa/202107-03
Remediation
- bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=1695948
- github.com https://github.com/ClusterLabs/libqb/issues/338