Multiple vulnerabilities in pacman



Published: 2019-10-23
Risk Medium
Patch available YES
Number of vulnerabilities 2
CVE-ID CVE-2019-18182
CVE-2019-18183
CWE-ID CWE-78
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
pacman
Client/Desktop applications / Software for system administration

Vendor Arch Linux

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) OS Command Injection

EUVDB-ID: #VU22197

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2019-18182

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation within the the download_with_xfercommand() function in src/pacman/conf.c file in pacman. A remote attacker can trick the victim to enable a non-default XferCommand to retrieve an attacker-controlled crafted database and package and execute arbitrary OS commands on the system with privileges of the current user.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

pacman: 5.0.0 - 5.1.3

CPE2.3 External links

http://security.archlinux.org/advisory/ASA-201910-13
http://security.archlinux.org/CVE-2019-18182


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) OS Command Injection

EUVDB-ID: #VU22198

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2019-18183

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation within the the apply_deltas() function in lib/libalpm/sync.c file in pacman. A remote attacker can trick the victim to enable a non-default delta feature, retrieve an attacker-controlled crafted database and package and execute arbitrary OS commands on the system with privileges of the current user.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

pacman: 5.0.0 - 5.1.3

CPE2.3 External links

http://security.archlinux.org/advisory/ASA-201910-13
http://security.archlinux.org/CVE-2019-18183


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###