CVE-2019-13272

{"id": "CVE-2019-13272", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2019-07-17T13:15:10.687", "references": [{"url": "http://packetstormsecurity.com/files/153663/Linux-PTRACE_TRACEME-Broken-Permission-Object-Lifetime-Handling.html", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://packetstormsecurity.com/files/154957/Linux-Polkit-pkexec-Helper-PTRACE_TRACEME-Local-Root.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://packetstormsecurity.com/files/156929/Linux-PTRACE_TRACEME-Local-Root.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://packetstormsecurity.com/files/165051/Linux-Kernel-5.1.x-PTRACE_TRACEME-pkexec-Local-Privilege-Escalation.html", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://access.redhat.com/errata/RHSA-2019:2405", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://access.redhat.com/errata/RHSA-2019:2411", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://access.redhat.com/errata/RHSA-2019:2809", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1903", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730895", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://bugzilla.suse.com/show_bug.cgi?id=1140671", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.17", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6994eefb0053799d2e07cd140df6c2ea106c41ee", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/torvalds/linux/commit/6994eefb0053799d2e07cd140df6c2ea106c41ee", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00022.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00023.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OGRK5LYWBJ4E4SRI4DKX367NHYSI3VOH/", "source": "cve@mitre.org"}, {"url": "https://seclists.org/bugtraq/2019/Jul/30", "tags": ["Issue Tracking", "Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://seclists.org/bugtraq/2019/Jul/33", "tags": ["Issue Tracking", "Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://security.netapp.com/advisory/ntap-20190806-0001/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://support.f5.com/csp/article/K91025336", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://support.f5.com/csp/article/K91025336?utm_source=f5support&amp%3Butm_medium=RSS", "source": "cve@mitre.org"}, {"url": "https://usn.ubuntu.com/4093-1/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://usn.ubuntu.com/4094-1/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://usn.ubuntu.com/4095-1/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://usn.ubuntu.com/4117-1/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://usn.ubuntu.com/4118-1/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.debian.org/security/2019/dsa-4484", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-269"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments."}, {"lang": "es", "value": "En el kernel de Linux anterior a versi\u00f3n 5.1.17, ptrace_link en el archivo kernel/ptrace.c maneja inapropiadamente la grabaci\u00f3n de las credenciales de un proceso que desea crear una relaci\u00f3n de ptrace, que permite a los usuarios locales obtener acceso de root aprovechando determinados escenarios con un relaci\u00f3n de proceso padre-hijo, donde un padre elimina los privilegios y llama a execve (permitiendo potencialmente el control por parte de un atacante). Un factor que contribuye es un problema de vida \u00fatil del objeto (que tambi\u00e9n puede causar un p\u00e1nico). Otro factor que contribuye es el marcado incorrecto de una relaci\u00f3n de ptrace como privilegiada, que puede ser explotada mediante (por ejemplo) el ayudante pkexec de Polkit con PTRACE_TRACEME. NOTA: deny_ptrace de SELinux puede ser una soluci\u00f3n \u00fatil en algunos entornos."}], "lastModified": "2023-11-07T03:03:48.947", "cisaActionDue": "2022-06-10", "cisaExploitAdd": "2021-12-10", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AA88B130-CD8A-4E14-A1F5-4D1DB031D60E", "versionEndExcluding": "3.16.71", "versionStartIncluding": "3.16.52"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CD709672-0E6A-4086-8700-B6C2FDD8599C", "versionEndExcluding": "4.2", "versionStartIncluding": "4.1.39"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "19FB5FC5-740B-418F-B83A-3EA6095270C0", "versionEndExcluding": "4.4.185", "versionStartIncluding": "4.4.40"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "66431BA1-01B5-476A-B483-AE4E7B830BA7", "versionEndExcluding": "4.9", "versionStartIncluding": "4.8.16"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8A719867-AEB7-4E95-A1DE-B96EA092D9FE", "versionEndExcluding": "4.9.185", "versionStartIncluding": "4.9.1"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "00D95A2F-5B17-46D9-80D7-2E0D1779C2CE", "versionEndExcluding": "4.14.133", "versionStartIncluding": "4.10"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F921620B-E2A7-421F-8C89-016C51723C17", "versionEndExcluding": "4.19.58", "versionStartIncluding": "4.15"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7049E422-0D4B-45FD-8B06-04BACD44A66E", "versionEndExcluding": "5.1.17", "versionStartIncluding": "4.20"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252"}, {"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "vulnerable": true, "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_real_time:8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CBF9BCF3-187F-410A-96CA-9C47D3ED6924"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netapp:aff_a700s_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "952F55C9-7E7C-4539-9D08-E736B3488569"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netapp:aff_a700s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9FED1B0D-F901-413A-85D9-05D4C427570D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FD7CFE0E-9D1E-4495-B302-89C3096FC0DF"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F63A3FA7-AAED-4A9D-9FDE-6195302DA0F6"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", "vulnerable": true, "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5"}, {"criteria": "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "24B8DB06-590A-4008-B0AB-FCD1401C77C6"}, {"criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BD1E9594-C46F-40D1-8BC2-6B16635B55C4", "versionEndIncluding": "11.60.3", "versionStartIncluding": "11.0.0"}, {"criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953"}, {"criteria": "cpe:2.3:a:netapp:service_processor:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "146A767F-DC04-454B-9913-17D3A2B5AAA4"}, {"criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737"}, {"criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D"}, {"criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Linux Kernel Improper Privilege Management Vulnerability"}