Main Vulnerability Database SB2019072208

SB2019072208 - Privilege escalation in GNU patch

Published: July 22, 2019

Security Bulletin ID SB2019072208

Severity

Low

Patch available

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper Link Resolution Before File Access ('Link Following') (CVE-ID: CVE-2019-13636)

The vulnerability allows a local user to gain unauthorized access to files or directories on a targeted system.

The vulnerability exists due to the software mishandles the following of symlinks in certain cases other than input files in the "inp.c" and "util.c" files. A local authenticated user can gain unauthorized access to read or modify files and directories on a targeted system.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

https://git.savannah.gnu.org/cgit/patch.git/commit/?id=dce4683cbbe107a95f1f0d45fabc304acfb5d71a
https://lists.debian.org/debian-lts-announce/2019/07/msg00016.html