CVE-2019-12779

NONE EPSS 46.7%
Published Jun 7, 2019 (7y ago) · Modified Jun 17, 2026 (2w ago)

Description

libqb before 1.0.5 allows local users to overwrite arbitrary files via a symlink attack, because it uses predictable filenames (under /dev/shm and /tmp) without O_EXCL.

Threat Intelligence

EPSS Exploit Probability
46.7% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 1

CWE-59

Affected Products 1

Vendor | Product | Version | Range
clusterlabs | libqb | * | <1.0.5

References 10

  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00017.html
  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00027.html
  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00031.html
  • securityfocus.com http://www.securityfocus.com/bid/108691
    Third Party Advisory
  • access.redhat.com https://access.redhat.com/errata/RHSA-2019:3610
  • bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=1695948
    Exploit, Patch, Third Party Advisory, VDB Entry
  • github.com https://github.com/ClusterLabs/libqb/issues/338
    Exploit, Issue Tracking, Patch, Third Party Advisory
  • github.com https://github.com/ClusterLabs/libqb/releases/tag/v1.0.4
    Release Notes, Third Party Advisory
  • github.com https://github.com/ClusterLabs/libqb/releases/tag/v1.0.5
    Release Notes, Third Party Advisory
  • security.gentoo.org https://security.gentoo.org/glsa/202107-03

Remediation

  • bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=1695948
    Exploit, Patch, Third Party Advisory, VDB Entry
  • github.com https://github.com/ClusterLabs/libqb/issues/338
    Exploit, Issue Tracking, Patch, Third Party Advisory