First published: Wed Apr 03 2019
libqb before 1.0.5 allows local users to overwrite arbitrary files via a symlink attack, because it uses predictable filenames (under /dev/shm and /tmp) without O_EXCL.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Clusterlabs Libqb | <1.0.5 | |
redhat/libqb | <1.0.4 | 1.0.4 |
CVE-2019-12779 is a vulnerability in libqb before version 1.0.5 that allows local users to overwrite arbitrary files via a symlink attack.
CVE-2019-12779 arises because libqb uses predictable filenames (under /dev/shm and /tmp) without O_EXCL, which makes it susceptible to symlink attacks.
CVE-2019-12779 has a severity rating of 7.1 (high).
Clusterlabs Libqb before version 1.0.5 and Red Hat libqb before version 1.0.4 are affected by CVE-2019-12779.
To fix CVE-2019-12779, update Clusterlabs Libqb to version 1.0.5 or higher and Red Hat libqb to version 1.0.4 or higher.
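The role of O_EXCL described above can be seen in a short added example (not libqb's code, and not taken from the original page): it opens the same fixed name with and without O_EXCL while a symlink already sits at that name. The function names, the scratch directory under /tmp and the file names are assumptions made for the illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pattern from the advisory: fixed name, no O_EXCL. An existing symlink at
 * `path` is followed, so the file it points to is opened and truncated. */
int open_predictable(const char *path) {
    return open(path, O_CREAT | O_RDWR | O_TRUNC, 0600);
}

/* With O_CREAT|O_EXCL, open() fails with EEXIST if anything already exists
 * at `path`, including a symlink (dangling or not), and never follows it. */
int open_exclusive(const char *path) {
    return open(path, O_CREAT | O_EXCL | O_RDWR, 0600);
}

/* Constructed scenario in a private scratch directory: a 4-byte file plus a
 * symlink to it at the "predictable" name. Opens that name with the chosen
 * function; returns the target's size afterwards, open()'s errno in *err. */
long demo(int hardened, int *err) {
    char dir[] = "/tmp/qb-demo-XXXXXX", target[64], name[64];
    struct stat st;
    *err = 0;
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(name, sizeof name, "%s/fixed-name", dir);
    int fd = open(target, O_CREAT | O_EXCL | O_WRONLY, 0600);
    if (fd < 0 || write(fd, "data", 4) != 4) return -1;
    close(fd);
    if (symlink(target, name) != 0) return -1;
    fd = hardened ? open_exclusive(name) : open_predictable(name);
    if (fd < 0) *err = errno; else close(fd);
    long size = stat(target, &st) == 0 ? (long)st.st_size : -1;
    unlink(name); unlink(target); rmdir(dir);
    return size;
}

int main(void) {
    int e1, e2;
    long s1 = demo(0, &e1), s2 = demo(1, &e2);
    printf("without O_EXCL: target is now %ld bytes\n", s1);
    printf("with O_EXCL:    target is still %ld bytes (%s)\n", s2, strerror(e2));
    return 0;
}
```

A caller that gets EEXIST from the exclusive open should treat the path as untrusted and fail or pick a new unpredictable name (for example via mkstemp), not unlink and retry the same name.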