FYHTECH

FUN WITH LINUX

CVE-2019-15741: Privilege Escalation via Logrotate in Gitlab Omnibus

4 October 2019

Overview

  • Identifier: AIT-SA-20190930-01
  • Target: GitLab Omnibus
  • Vendor: GitLab
  • Version: 7.4 through 12.2.1
  • Fixed in Version: 12.2.3, 12.1.8 and 12.0.8
  • CVE: CVE-2019-15741
  • Accessibility: Local
  • Severity: Low
  • Author: Wolfgang Hotwagner (AIT Austrian Institute of Technology)

Vulnerability Description

GitLab Omnibus sets the ownership of the log directory to the system-user “git”, which might let local users obtain root access because of unsafe interaction with logrotate.

Vulnerable Versions

7.4 through 12.2.1

Impact

An attacker who already achieved a valid shell as user “git” could elevate the privileges to “root”. The fact that another exploit is needed to get a shell lowers the severity from high to low.

Advisory URL

http://www.ait.ac.at/ait-sa-20190930-01-privilege-escalation-via-logrotate-in-gitlab-omnibus

References:

[ Linux  Programming  Sysadmin  Security  git  CVE  logrotate  ]
User image

My name is Wolfgang Hotwagner. I am a Linux and Information Security enthusiast from Vienna. This blog is about my journey through Computer Science.

Tag Cloud

Hardware Database Shell External Mathematics Raspberry Desktop Kernel Postgresql Perl logrotate Backup Sysadmin Downloads Zsh Virtualization Ansible Toscom apache Crypto PHP Software-Raid One-Liner Open-Source Network Web Btrfs git News xmas Certification Proxy Suricata Email Docker Mail TerminalEmulator Bash Ruby Anniversary Debian HackADay Puppet Programming LVM Multimedia Linux Security Blog openssl C vim Nagios CLI Tricks Firewall Fun CVE

Recent Posts

Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution 3.0 Unported License.

Copyright 2015-present Hoti