Vulnerability Name: CVE-2019-18466 (CCN-170305)

Assigned: 2019-08-22
Published: 2019-08-22
Updated: 2020-01-15
Summary: An issue was discovered in Podman in libpod before 1.6.0. It resolves a symlink in the host context during a copy operation from the container to the host, because an undesired glob operation occurs. An attacker could create a container image containing particular symlinks that, when copied by a victim user to the host filesystem, may overwrite existing files with others from the host.
CVSS v3 Severity: 5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)
4.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): High
Availability (A): None
4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
3.5 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): Low
Availability (A): None
2.5 Low (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)
2.2 Low (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): Required
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): Low
Availability (A): None
CVSS v2 Severity: 5.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): Partial
2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
Vulnerability Type: CWE-59 (Improper Link Resolution Before File Access, "Link Following")
Vulnerability Consequences: File Manipulation
References:
Source: MITRE
Type: CNA
CVE-2019-18466

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2020:0398

Source: REDHAT
Type: UNKNOWN
RHSA-2019:4269

Source: CCN
Type: Red Hat Bugzilla - Bug 1744588 (CVE-2019-18466) - CVE-2019-18466 podman: resolving symlink in host filesystem leads to unexpected results of copy operation

Source: MISC
Type: Issue Tracking, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1744588

Source: XF
Type: UNKNOWN
libpod-cve201918466-symlink(170305)

Source: MISC
Type: Patch
https://github.com/containers/libpod/commit/5c09c4d2947a759724f9d5aef6bac04317e03f7e

Source: MISC
Type: Patch
https://github.com/containers/libpod/compare/v1.5.1...v1.6.0

Source: CCN
Type: libpod GIT Repository
podman cp dereferences symlink in host context after filepath.Glob(srcPath) #3829

Source: MISC
Type: Exploit, Third Party Advisory
https://github.com/containers/libpod/issues/3829

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:libpod_project:libpod:*:*:*:*:*:*:*:* (Version < 1.6.0)

Configuration RedHat 1:
  • cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 2:
  • cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

  * Denotes that component is vulnerable
Oval Definitions
Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:4668 | P | Security update for the Linux Kernel (Live Patch 28 for SLE 12 SP5) (Important) | 2022-08-10
oval:org.opensuse.security:def:4652 | P | Security update for the Linux Kernel (Live Patch 29 for SLE 12 SP5) (Important) | 2022-07-21
oval:org.opensuse.security:def:3793 | P | Security update for xorg-x11-server (Important) | 2022-07-12
oval:org.opensuse.security:def:3810 | P | ucode-intel-20191112-1.1 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:3799 | P | sysstat-12.0.2-10.24.1 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:201918466 | V | CVE-2019-18466 | 2022-05-22
oval:org.opensuse.security:def:69278 | P | Recommended update for php7 (Moderate) | 2021-12-06
oval:org.opensuse.security:def:51684 | P | Security update for opensc (Important) | 2021-10-29
oval:org.opensuse.security:def:64595 | P | Security update for python (Moderate) | 2021-10-20
oval:org.opensuse.security:def:51650 | P | Security update for bind (Moderate) | 2021-08-30
oval:org.opensuse.security:def:1969 | P | libnss_slurm2-20.11.5-2.1 on GA media (Moderate) | 2021-08-10
oval:org.opensuse.security:def:63486 | P | libjpeg-turbo-1.5.3-5.15.7 on GA media (Moderate) | 2021-08-10
oval:org.opensuse.security:def:62784 | P | libexiv2-26-0.26-6.8.1 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:1943 | P | perl-Config-IniFiles-2.94-1.23 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:71847 | P | kdump-0.9.0-16.1 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:62812 | P | libsmi-devel-0.4.8-1.29 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:1932 | P | libpcp-devel-4.3.1-3.11.1 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:62787 | P | libgypsy-devel-0.9-2.30 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:72734 | P | jackson-databind-2.10.5.1-3.3.2 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:1923 | P | graphviz-perl-2.40.1-6.6.8 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:1949 | P | perl-doc-5.26.1-15.87 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:62990 | P | apache-pdfbox-1.8.16-1.68 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:62780 | P | libcolord-gtk-devel-0.1.26-1.48 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:1941 | P | pam-devel-32bit-1.3.0-6.29.1 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:1927 | P | jcl-over-slf4j-1.7.30-1.34 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:1921 | P | go1.16-1.16.3-1.11.1 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:64537 | P | Security update for libnettle (Important) | 2021-06-23
oval:org.opensuse.security:def:64707 | P | Security update for libxml2 (Moderate) | 2021-06-09
oval:org.opensuse.security:def:1974 | P | libopenssl-1_0_0-devel-1.0.2n-1.32 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48455 | P | krb5-appl-clients-1.0.3-1.2 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48919 | P | libIlmImf-Imf_2_1-21-32bit-2.1.0-6.3.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48580 | P | ntp-4.2.8p8-14.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48438 | P | gtk2-data-2.24.31-7.11 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48439 | P | guestfs-data-1.32.4-14.18 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:1976 | P | openldap2-2.4.46-7.10 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:48778 | P | icu-52.1-7.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:51580 | P | Security update for libX11 (Important) | 2021-06-08
oval:org.opensuse.security:def:51759 | P | Security update for nghttp2 (Important) | 2021-03-24
oval:org.opensuse.security:def:74649 | P | Security update for go1.15 (Moderate) | 2021-01-28
oval:org.opensuse.security:def:63283 | P | libvirglrenderer0-0.6.0-4.3.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:71731 | P | tar-1.30-3.3.2 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:3963 | P | libcares-devel-1.9.1-9.4.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:4002 | P | liblcms-devel-1.19-17.28 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:72618 | P | git-2.16.4-3.9.2 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:3891 | P | freerdp-devel-2.0.0~git.1463131968.4e66df7-12.8.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:4007 | P | libmikmod-devel-3.2.0-4.54 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:4010 | P | libmspack-devel-0.4-14.4 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:3848 | P | accountsservice-devel-0.6.42-16.3.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:3980 | P | libgit2-24-0.24.1-7.9.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:49013 | P | libid3tag0-0.15.1b-184.3.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:3907 | P | gnome-settings-daemon-devel-3.20.1-50.16.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:63633 | P | libpskc-devel-2.6.2-1.15 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:1964 | P | libmunge2-0.5.14-4.9.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:4014 | P | libndr-devel-4.10.5+git.129.35f7bb6e177-1.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:3879 | P | dpdk-devel-18.11.2-1.59 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:2614 | P | Security update for helm-mirror (Moderate) | 2020-12-02
oval:org.opensuse.security:def:2624 | P | Security update for cni, cni-plugins, conmon, fuse-overlayfs, podman (Moderate) | 2020-12-02
oval:org.opensuse.security:def:64327 | P | libgd3 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:65944 | P | Security update for the Linux Kernel (Live Patch 8 for SLE 15 SP1) (Important) | 2020-12-01
oval:org.opensuse.security:def:49167 | P | libfreebl3 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:50694 | P | Security update for qemu (Important) | 2020-12-01
oval:org.opensuse.security:def:66034 | P | Security update for cni, cni-plugins, conmon, fuse-overlayfs, podman (Moderate) | 2020-12-01
oval:org.opensuse.security:def:51496 | P | Security update for python3 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:50997 | P | Security update for MozillaThunderbird and mozilla-nspr (Important) | 2020-12-01
oval:org.opensuse.security:def:63862 | P | Security update for python (Important) | 2020-12-01
oval:org.opensuse.security:def:49721 | P | wavpack on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:51059 | P | Security update for cni, cni-plugins, conmon, fuse-overlayfs, podman (Moderate) | 2020-12-01
oval:org.opensuse.security:def:50331 | P | Security update for wpa_supplicant (Moderate) | 2020-12-01
oval:org.opensuse.security:def:68391 | P | Security update for tigervnc (Critical) | 2020-12-01
oval:org.opensuse.security:def:51125 | P | Security update for libtasn1 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:68494 | P | Security update for cni, cni-plugins, conmon, fuse-overlayfs, podman (Moderate) | 2020-12-01
oval:org.opensuse.security:def:64328 | P | libgstgl-1_0-0 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:49396 | P | cups-pk-helper on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:53035 | P | Security update for libvpx (Moderate) | 2020-12-01
oval:org.opensuse.security:def:50857 | P | Security update for kernel-firmware (Important) | 2020-12-01
oval:org.opensuse.security:def:49552 | P | libimobiledevice-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:53099 | P | Security update for cni, cni-plugins, conmon, fuse-overlayfs, podman (Moderate) | 2020-12-01
oval:org.opensuse.security:def:64191 | P | corosync on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:49617 | P | emacs-x11 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:69381 | P | Security update for cni, cni-plugins, conmon, fuse-overlayfs, podman (Moderate) | 2020-12-01
oval:org.opensuse.security:def:50463 | P | Security update for expat (Moderate) | 2020-12-01
oval:org.opensuse.security:def:64435 | P | perl-LWP-Protocol-https on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:51395 | P | Security update for libX11 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:65057 | P | Security update for MozillaThunderbird and mozilla-nspr (Important) | 2020-12-01
oval:org.opensuse.security:def:50310 | P | Security update for gnutls (Moderate) | 2020-12-01
oval:org.opensuse.security:def:49648 | P | libSDL2-2_0-0 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:65147 | P | Security update for cni, cni-plugins, conmon, fuse-overlayfs, podman (Moderate) | 2020-12-01
oval:org.opensuse.security:def:49485 | P | python-tk on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:74782 | P | Security update for cni, cni-plugins, conmon, fuse-overlayfs, podman (Moderate) | 2020-12-01
oval:org.opensuse.security:def:50311 | P | Security update for libX11 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:50961 | P | Security update for xorg-x11-server (Important) | 2020-12-01
oval:org.opensuse.security:def:110444 | P | Security update for cni, cni-plugins, conmon, fuse-overlayfs, podman (Moderate) | 2020-03-28
oval:org.opensuse.security:def:91620 | P | Security update for cni, cni-plugins, conmon, fuse-overlayfs, podman (Moderate) | 2020-03-16
oval:org.opensuse.security:def:104150 | P | Security update for cni, cni-plugins, conmon, fuse-overlayfs, podman (Moderate) | 2020-03-16
oval:org.opensuse.security:def:97460 | P | Security update for cni, cni-plugins, conmon, fuse-overlayfs, podman (Moderate) | 2020-03-16
oval:org.opensuse.security:def:105275 | P | Security update for cni, cni-plugins, conmon, fuse-overlayfs, podman (Moderate) | 2020-03-16
oval:org.opensuse.security:def:98585 | P | Security update for cni, cni-plugins, conmon, fuse-overlayfs, podman (Moderate) | 2020-03-16
oval:org.opensuse.security:def:90495 | P | Security update for cni, cni-plugins, conmon, fuse-overlayfs, podman (Moderate) | 2020-03-16
oval:com.redhat.rhsa:def:20194269 | P | RHSA-2019:4269: container-tools:rhel8 security and bug fix update (Important) | 2019-12-17