FUN WITH LINUX

CVE-2019-15741: Privilege Escalation via Logrotate in Gitlab Omnibus

4 October 2019

Overview

  • Identifier: AIT-SA-20190930-01
  • Target: GitLab Omnibus
  • Vendor: GitLab
  • Version: 7.4 through 12.2.1
  • Fixed in Version: 12.2.3, 12.1.8 and 12.0.8
  • CVE: CVE-2019-15741
  • Accessibility: Local
  • Severity: Low
  • Author: Wolfgang Hotwagner (AIT Austrian Institute of Technology)

Vulnerability Description

GitLab Omnibus sets the owner of its log directory to the system user “git”. Because logrotate processes that directory with root privileges, a local user who controls the directory might be able to obtain root access through logrotate's unsafe handling of it.
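A check an administrator can run to find this class of misconfiguration, added here as an example and not part of the AIT advisory or of GitLab's own code: it reads a logrotate configuration, takes the directory of every rotated path, and reports directories whose owner is not the account logrotate runs as (normally root). The GitLab-style path and the `create 0644 git git` line in the constructed sample configuration are assumptions made for illustration; since the sample directory is created by whoever runs the script rather than chowned to “git”, the demonstration compares against a name that cannot match the current user instead of against root.

```sh
#!/bin/sh
# Added example, not part of the AIT advisory or of GitLab Omnibus.
# Report directories named in a logrotate configuration whose owner differs
# from the account logrotate runs as (pass "root" on a real host).
#
# Usage: find_unsafe_logrotate_dirs CONFIG EXPECTED_OWNER
# Output: one "DIRECTORY OWNER" line per mismatching directory.
find_unsafe_logrotate_dirs() {
    config="$1"
    expected="$2"
    # Rotated paths sit on the lines that open a "{" block; several
    # paths (or globs) may share one line, separated by whitespace.
    grep -E '^[^#[:space:]].*\{' "$config" \
        | sed -e 's/[[:space:]]*{.*$//' \
        | tr -s '[:space:]' '\n' \
        | while read -r pattern; do
              [ -n "$pattern" ] && dirname "$pattern"
          done \
        | sort -u \
        | while read -r dir; do
              # A glob in the directory part ("/var/log/*/") is skipped:
              # it is not a single directory that can be stat'ed.
              [ -d "$dir" ] || continue
              owner=$(stat -c '%U' "$dir")   # GNU stat (Linux)
              [ "$owner" = "$expected" ] || printf '%s %s\n' "$dir" "$owner"
          done
}

# Constructed demonstration mirroring the advisory's situation: a log
# directory that is NOT owned by the account logrotate runs as. Without
# root we cannot chown the directory to "git", so it is owned by whoever
# runs this script and the expected owner is a name that cannot match.
demo_gitlab_layout() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/var/log/gitlab/nginx"
    printf '%s\n' \
        "$tmp/var/log/gitlab/nginx/*.log {" \
        "  daily" \
        "  create 0644 git git" \
        "}" > "$tmp/logrotate.conf"
    find_unsafe_logrotate_dirs "$tmp/logrotate.conf" "nobody-runs-logrotate-as-this"
    rm -rf "$tmp"
}

demo_gitlab_layout
```

The check covers directory ownership only. Group- or world-writable log directories, and `olddir` directives that point into a directory the service user controls, are further ways a non-root account can influence what logrotate does as root; a hit from this script means the directory itself should be root-owned, with per-file ownership handled through logrotate's `create` and `su` directives rather than by handing the directory to the service user.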

Vulnerable Versions

7.4 through 12.2.1

Impact

An attacker who has already obtained a shell as the system user “git” could escalate their privileges to “root”. Because a separate exploit is needed to obtain that shell in the first place, the severity is rated low rather than high.

Advisory URL

http://www.ait.ac.at/ait-sa-20190930-01-privilege-escalation-via-logrotate-in-gitlab-omnibus

Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution 3.0 Unported License.

Copyright 2015-present Hoti