Multiple vulnerabilities in flatpak



Published: 2019-03-26 | Updated: 2023-03-20
Risk Medium
Patch available YES
Number of vulnerabilities 2
CVE-ID CVE-2019-10063
CVE-2017-5226
CWE-ID CWE-254
CWE-20
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe 		Flatpak
Server applications / Frameworks for developing and running applications

Vendor Flatpak

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Security features bypass

EUVDB-ID: #VU32022

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-10063

CWE-ID: CWE-254 - Security Features

Exploit availability: No

Description

The vulnerability allows a malicious application to bypass implemented security restrictions.

The vulnerability exists due to improper input validation. If Flatpak runs from a terminal emulator containing an interactive shell, a malicious Flatpak app could inject input into the interactive shell by using the TIOCSTI ioctl.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Flatpak: 1.0.0 - 1.2.3

External links

http://access.redhat.com/errata/RHSA-2019:1024
http://access.redhat.com/errata/RHSA-2019:1143
http://github.com/flatpak/flatpak/issues/2782
http://github.com/flatpak/flatpak/security/advisories/GHSA-7gfv-rvfx-h87x


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Input validation error

EUVDB-ID: #VU73856

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-5226

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient validation of user-supplied input. The non-privileged session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to escape the sandbox.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Flatpak: 1.0.0 - 1.3.0

External links

http://github.com/flatpak/flatpak/security/advisories/GHSA-7gfv-rvfx-h87x


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###