Executive Summary

Informations
NameCVE-2019-13272First vendor Publication2019-07-17
VendorCveLast vendor Modification2019-07-25

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score7.2Attack RangeLocal
Cvss Impact Score10Attack ComplexityLow
Cvss Expoit Score3.9AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13272

CWE : Common Weakness Enumeration

%idName
100 %CWE-264Permissions, Privileges, and Access Controls

CPE : Common Platform Enumeration

TypeDescriptionCount
Os3
Os1
Os3020

Sources (Detail)

SourceUrl
BUGTRAQ https://seclists.org/bugtraq/2019/Jul/30
https://seclists.org/bugtraq/2019/Jul/33
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1730895
https://bugzilla.suse.com/show_bug.cgi?id=1140671
https://security.netapp.com/advisory/ntap-20190806-0001/
https://support.f5.com/csp/article/K91025336
DEBIAN https://www.debian.org/security/2019/dsa-4484
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedorapr...
MISC http://packetstormsecurity.com/files/153663/Linux-PTRACE_TRACEME-Broken-Permi...
http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slack...
http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice...
https://bugs.chromium.org/p/project-zero/issues/detail?id=1903
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.17
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=69...
https://github.com/torvalds/linux/commit/6994eefb0053799d2e07cd140df6c2ea106c...
MLIST https://lists.debian.org/debian-lts-announce/2019/07/msg00022.html
https://lists.debian.org/debian-lts-announce/2019/07/msg00023.html
REDHAT https://access.redhat.com/errata/RHSA-2019:2405
https://access.redhat.com/errata/RHSA-2019:2411
UBUNTU https://usn.ubuntu.com/4093-1/
https://usn.ubuntu.com/4094-1/
https://usn.ubuntu.com/4095-1/
https://usn.ubuntu.com/4117-1/
https://usn.ubuntu.com/4118-1/

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
DateInformations
2019-09-12 12:11:01
  • Multiple Updates
2019-09-03 12:03:33
  • Multiple Updates
2019-08-31 12:07:57
  • Multiple Updates
2019-08-29 12:07:31
  • Multiple Updates
2019-08-28 12:05:37
  • Multiple Updates
2019-08-14 12:10:36
  • Multiple Updates
2019-08-08 12:04:42
  • Multiple Updates
2019-08-07 12:10:31
  • Multiple Updates
2019-08-06 12:03:50
  • Multiple Updates
2019-07-26 00:19:17
  • Multiple Updates
2019-07-24 21:19:28
  • Multiple Updates
2019-07-24 05:19:23
  • Multiple Updates
2019-07-22 17:19:29
  • Multiple Updates
2019-07-21 05:19:11
  • Multiple Updates
2019-07-19 12:06:52
  • Multiple Updates
2019-07-18 17:19:15
  • Multiple Updates
2019-07-17 21:19:31
  • Multiple Updates
2019-07-17 17:18:50
  • First insertion