Vulnerability CVE-2019-10063

Vulnerability Name:

CVE-2019-10063 (CCN-160703)

Assigned:

2019-03-22

Published:

2019-03-22

Updated:

2019-05-13

Summary:

Flatpak before 1.0.8, 1.1.x and 1.2.x before 1.2.4, and 1.3.x before 1.3.1 allows a sandbox bypass. Flatpak versions since 0.8.1 address CVE-2017-5226 by using a seccomp filter to prevent sandboxed apps from using the TIOCSTI ioctl, which could otherwise be used to inject commands into the controlling terminal so that they would be executed outside the sandbox after the sandboxed app exits. This fix was incomplete: on 64-bit platforms, the seccomp filter could be bypassed by an ioctl request number that has TIOCSTI in its 32 least significant bits and an arbitrary nonzero value in its 32 most significant bits, which the Linux kernel would treat as equivalent to TIOCSTI.

CVSS v3 Severity:

9.0 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
7.8 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

8.4 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
7.3 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

8.8 High (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
7.7 High (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

CWE-20
CWE-266

Vulnerability Consequences:

Bypass Security

References:

Source: MITRE
Type: CNA
CVE-2019-10063

Source: REDHAT
Type: UNKNOWN
RHSA-2019:1024

Source: REDHAT
Type: UNKNOWN
RHSA-2019:1143

Source: XF
Type: UNKNOWN
flatpak-cve201910063-sec-bypass(160703)

Source: CCN
Type: Flatpak GIT Repository
CVE-2019-10063: incomplete TIOCSTI filtering, similar to snapd's CVE-2019-7303 #2782

Source: MISC
Type: Issue Tracking, Patch, Third Party Advisory
https://github.com/flatpak/flatpak/issues/2782

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2019-10063

Vulnerable Configuration:

Configuration 1:

cpe:/a:flatpak:flatpak:*:*:*:*:*:*:*:* (Version < 1.0.8)

OR cpe:/a:flatpak:flatpak:*:*:*:*:*:*:*:* (Version >= 1.1.0 and <= 1.1.3)

OR cpe:/a:flatpak:flatpak:*:*:*:*:*:*:*:* (Version >= 1.2.0 and < 1.2.4)

OR cpe:/a:flatpak:flatpak:1.3.0:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:7::computenode:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*

Configuration RedHat 6:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 7:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration CCN 1:

cpe:/a:flatpak:flatpak:1.0.7:*:*:*:*:*:*:*

OR cpe:/a:flatpak:flatpak:1.2.3:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:201910063	V	CVE-2019-10063	2023-06-22
oval:org.opensuse.security:def:7885	P	flatpak-1.14.4-150500.1.3 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:736	P	Security update for gimp (Moderate)	2022-09-06
oval:org.opensuse.security:def:3488	P	flatpak-1.4.2-1.31 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3268	P	libtiff5-32bit-4.0.9-44.30.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3068	P	flatpak-1.4.2-1.31 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:1182	P	Security update for the Linux Kernel (Important)	2022-06-24
oval:org.opensuse.security:def:94898	P	flatpak-1.12.5-150400.1.11 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:1072	P	Security update for fribidi (Moderate)	2022-05-25
oval:org.opensuse.security:def:1653	P	Security update for salt (Important)	2022-03-30
oval:org.opensuse.security:def:100722	P	(Important)	2022-03-29
oval:org.opensuse.security:def:1538	P	Security update for java-11-openjdk (Moderate)	2022-03-14
oval:org.opensuse.security:def:1428	P	Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP3) (Critical)	2022-02-17
oval:org.opensuse.security:def:112240	P	flatpak-1.11.3-1.2 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:8402	P	Security update for the Linux Kernel (Important) (in QA)	2022-01-07
oval:org.opensuse.security:def:8693	P	Security update for xorg-x11-server (Important)	2021-12-20
oval:org.opensuse.security:def:8684	P	Security update for clamav (Moderate)	2021-12-06
oval:org.opensuse.security:def:6713	P	Security update for the Linux Kernel (Live Patch 21 for SLE 15) (Important)	2021-11-17
oval:org.opensuse.security:def:69940	P	Security update for python-Pygments (Important)	2021-10-20
oval:org.opensuse.security:def:8394	P	Security update for the Linux Kernel (Important)	2021-10-12
oval:org.opensuse.security:def:105770	P	flatpak-1.11.3-1.2 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:71223	P	libHX-devel-3.22-1.26 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:8651	P	Security update for java-11-openjdk (Important)	2021-09-03
oval:org.opensuse.security:def:9375	P	Security update for c-ares (Important)	2021-08-17
oval:org.opensuse.security:def:6700	P	Security update for the Linux Kernel (Live Patch 21 for SLE 15) (Important)	2021-08-17
oval:org.opensuse.security:def:47258	P	fuse-2.9.3-5.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48256	P	pam_krb5-2.4.4-4.4 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47272	P	gpg2-2.0.24-8.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48318	P	sysstat-12.0.2-10.24.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47393	P	libpng12-0-1.2.50-19.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47586	P	cups-pk-helper-0.2.5-5.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47257	P	ft2demos-2.6.3-7.10.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47718	P	libical1-1.0.1-16.3.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47810	P	libwavpack1-4.60.99-5.3.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47958	P	autofs-5.1.3-1.17 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48172	P	libpng12-0-1.2.50-19.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48007	P	flatpak-1.4.2-1.31 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:14887	P	flatpak-1.4.2-1.31 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:72461	P	flatpak-1.10.2-4.6.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62742	P	flatpak-1.10.2-4.6.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:101148	P	flatpak-1.10.2-4.6.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:8626	P	Security update for MozillaFirefox (Important)	2021-07-27
oval:org.opensuse.security:def:6691	P	Security update for the Linux Kernel (Live Patch 23 for SLE 15) (Important)	2021-07-27
oval:org.opensuse.security:def:9353	P	Security update for dovecot23 (Important)	2021-06-22
oval:org.opensuse.security:def:6682	P	Security update for the Linux Kernel (Live Patch 18 for SLE 15) (Important)	2021-06-18
oval:org.opensuse.security:def:67770	P	Security update for the Linux Kernel (Live Patch 19 for SLE 15) (Important)	2021-06-18
oval:org.opensuse.security:def:64523	P	Security update for libxml2 (Moderate)	2021-06-09
oval:org.opensuse.security:def:48383	P	cifs-utils-6.5-8.9 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48414	P	expat-2.1.0-17.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48485	P	libcgroup-tools-0.41.rc1-4.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:71110	P	tboot-20170711_1.9.6-4.18 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:6468	P	Security update for open-iscsi (Important)	2021-04-13
oval:org.opensuse.security:def:8715	P	Security update for the Linux Kernel (Important)	2021-03-09
oval:org.opensuse.security:def:94009	P	(Important)	2021-02-26
oval:org.opensuse.security:def:8702	P	Security update for bind (Important)	2021-02-18
oval:org.opensuse.security:def:49459	P	Security update for php72 (Important)	2021-02-17
oval:org.opensuse.security:def:6422	P	Security update for the Linux Kernel (Important)	2021-01-14
oval:org.opensuse.security:def:8532	P	Security update for gcc7 (Moderate)	2020-12-10
oval:org.opensuse.security:def:89867	P	flatpak-1.2.3-2.12 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:72236	P	flatpak-1.2.3-2.12 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:103522	P	flatpak-1.2.3-2.12 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62517	P	flatpak-1.2.3-2.12 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:116946	P	flatpak-1.6.3-2.7 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:72346	P	flatpak-1.6.3-2.7 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:107388	P	flatpak-1.6.3-2.7 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62627	P	flatpak-1.6.3-2.7 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:12881	P	flatpak-1.4.2-1.31 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:66689	P	Security update for python (Important)	2020-12-02
oval:org.opensuse.security:def:36740	P	python-libxml2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37431	P	fontconfig on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:67870	P	flatpak on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:7373	P	flatpak on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:6624	P	gstreamer on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49569	P	libpango-1_0-0-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:73262	P	minicom on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:36876	P	libXcursor1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37459	P	gv on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49623	P	flatpak on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:36644	P	libXvMC1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:6649	P	krb5-appl-clients on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:8551	P	xfsprogs on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:36977	P	openslp on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37503	P	libXxf86dga1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:70045	P	flatpak on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:6400	P	libmikmod3 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:6392	P	libjpeg-turbo on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:64436	P	perl-Mail-SpamAssassin on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37034	P	tftp on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:7351	P	curl on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37124	P	ghostscript on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38141	P	bluez on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38183	P	flatpak on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37284	P	ntp on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:66597	P	postgresql on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:6515	P	sysvinit-tools on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:8424	P	libopenssl-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:36645	P	libXxf86dga1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37343	P	tftp on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:73380	P	flatpak on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:6530	P	wpa_supplicant on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:8470	P	logwatch on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:36656	P	libfreebl3 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37392	P	binutils on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49513	P	flatpak on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:6549	P	NetworkManager on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:8517	P	rtkit on GA media (Moderate)	2020-12-01
oval:com.redhat.rhsa:def:20191143	P	RHSA-2019:1143: flatpak security update (Important)	2019-05-13
oval:com.redhat.rhsa:def:20191024	P	RHSA-2019:1024: flatpak security update (Important)	2019-05-07
oval:com.ubuntu.disco:def:2019100630000000	V	CVE-2019-10063 on Ubuntu 19.04 (disco) - untriaged.	2019-03-26
oval:com.ubuntu.bionic:def:201910063000	V	CVE-2019-10063 on Ubuntu 18.04 LTS (bionic) - untriaged.	2019-03-26
oval:com.ubuntu.cosmic:def:201910063000	V	CVE-2019-10063 on Ubuntu 18.10 (cosmic) - untriaged.	2019-03-26
oval:com.ubuntu.cosmic:def:2019100630000000	V	CVE-2019-10063 on Ubuntu 18.10 (cosmic) - untriaged.	2019-03-26
oval:com.ubuntu.bionic:def:2019100630000000	V	CVE-2019-10063 on Ubuntu 18.04 LTS (bionic) - untriaged.	2019-03-26

BACK