In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
|
History
07 Nov 2023, 03:03
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
17 Jan 2023, 21:25
Type | Values Removed | Values Added |
---|---|---|
CPE |
28 Nov 2021, 23:34
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) http://packetstormsecurity.com/files/165051/Linux-Kernel-5.1.x-PTRACE_TRACEME-pkexec-Local-Privilege-Escalation.html - Third Party Advisory, VDB Entry |
23 Nov 2021, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
02 Jun 2021, 15:42
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:* cpe:2.3:a:netapp:service_processor:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_real_time:8:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:5.2:-:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:* cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:* cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:aff_a700s:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:aff_a700s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* |
|
References | (REDHAT) https://access.redhat.com/errata/RHSA-2019:2411 - Third Party Advisory | |
References | (BUGTRAQ) https://seclists.org/bugtraq/2019/Jul/30 - Issue Tracking, Mailing List, Third Party Advisory | |
References | (UBUNTU) https://usn.ubuntu.com/4093-1/ - Third Party Advisory | |
References | (UBUNTU) https://usn.ubuntu.com/4117-1/ - Third Party Advisory | |
References | (CONFIRM) https://support.f5.com/csp/article/K91025336 - Third Party Advisory | |
References | (UBUNTU) https://usn.ubuntu.com/4118-1/ - Third Party Advisory | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20190806-0001/ - Third Party Advisory | |
References | (UBUNTU) https://usn.ubuntu.com/4094-1/ - Third Party Advisory | |
References | (MISC) http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html - Third Party Advisory, VDB Entry | |
References | (MISC) http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html - Third Party Advisory, VDB Entry | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2019/07/msg00023.html - Mailing List, Third Party Advisory | |
References | (CONFIRM) https://support.f5.com/csp/article/K91025336?utm_source=f5support&utm_medium=RSS - Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2019/07/msg00022.html - Mailing List, Third Party Advisory | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2019:2405 - Third Party Advisory | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2019:2809 - Third Party Advisory | |
References | (BUGTRAQ) https://seclists.org/bugtraq/2019/Jul/33 - Issue Tracking, Mailing List, Third Party Advisory | |
References | (UBUNTU) https://usn.ubuntu.com/4095-1/ - Third Party Advisory | |
References | (MISC) http://packetstormsecurity.com/files/154957/Linux-Polkit-pkexec-Helper-PTRACE_TRACEME-Local-Root.html - Exploit, Third Party Advisory, VDB Entry | |
References | (MISC) http://packetstormsecurity.com/files/156929/Linux-PTRACE_TRACEME-Local-Root.html - Exploit, Third Party Advisory, VDB Entry | |
References | (MISC) https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.17 - Patch, Vendor Advisory |
Information
Published : 2019-07-17 13:15
Updated : 2023-12-10 12:59
NVD link : CVE-2019-13272
Mitre link : CVE-2019-13272
CVE.ORG link : CVE-2019-13272
JSON object : View
Products Affected
netapp
- solidfire
- steelstore_cloud_integrated_storage
- aff_a700s
- e-series_performance_analyzer
- h610s_firmware
- hci_compute_node
- e-series_santricity_os_controller
- h410c
- active_iq_unified_manager
- hci_management_node
- aff_a700s_firmware
- service_processor
- h610s
- h410c_firmware
canonical
- ubuntu_linux
redhat
- enterprise_linux
- enterprise_linux_for_real_time
debian
- debian_linux
fedoraproject
- fedora
linux
- linux_kernel
CWE
CWE-269
Improper Privilege Management