mintinstall (aka Software Manager) 7.9.9 for Linux Mint allows code execution if a REVIEWS_CACHE file is controlled by an attacker, because an unpickle occurs. This is resolved in 8.0.0 and backports.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/154722/mintinstall-7.9.9-Code-Execution.html | Exploit Third Party Advisory VDB Entry |
https://forums.linuxmint.com/viewtopic.php?f=143&t=302960 | Exploit Vendor Advisory |
https://github.com/Andhrimnirr/Mintinstall-object-injection | Exploit Third Party Advisory |
https://github.com/linuxmint/mintinstall/blob/master/debian/changelog | Release Notes Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-10-02T12:17:42
Updated: 2019-10-04T12:40:00
Reserved: 2019-10-02T00:00:00
Link: CVE-2019-17080
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-10-02T13:15:11.373
Modified: 2019-10-08T18:23:46.800
Link: CVE-2019-17080
JSON object: View
Redhat Information
No data.
CWE