← back
CVE-2019-12779

CVE-2019-12779

EPSS 0.7%
libqb before 1.0.5 allows local users to overwrite arbitrary files via a symlink attack, because it uses predictable filenames (under /dev/shm and /tmp) without O_EXCL.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00017.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-07/msg00027.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-08/msg00031.htmlhttps://access.redhat.com/errata/RHSA-2019:3610https://bugzilla.redhat.com/show_bug.cgi?id=1695948https://github.com/ClusterLabs/libqb/issues/338https://github.com/ClusterLabs/libqb/releases/tag/v1.0.4https://github.com/ClusterLabs/libqb/releases/tag/v1.0.5https://security.gentoo.org/glsa/202107-03http://www.securityfocus.com/bid/108691