#VU22831 Permissions, Privileges, and Access Controls in Mesos - CVE-2019-0204

Cybersecurity Help s.r.o.

Published: 2019-11-19

Vulnerability identifier: #VU22831

Vulnerability risk: Medium

CVSSv4.0: 5.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2019-0204

CWE-ID: CWE-264

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
Mesos
Server applications / Virtualization software

Vendor: Apache Foundation

Description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to a specifically crafted Docker image running under the root user can overwrite the init helper binary of the container runtime and/or the command executor in Apache Mesos. A remote attacker can attacker can gain root-level privileges on the host.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Mesos: 1.4.0 - 1.7.1

External links
https://access.redhat.com/errata/RHSA-2019:3892
https://lists.apache.org/thread.html/b162dd624dc088cd634292f0402282a1d1d0ce853baeae8205bc033c@%3Cdev.mesos.apache.org%3E

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in IBM Netcool Operations Insight

Multiple vulnerabilities in Red Hat Fuse

Privilege escalation in Apache Mesos