CVE-2019-19585

An issue was discovered in rConfig 3.9.3. The install script updates the /etc/sudoers file for rconfig specific tasks. After an "rConfig specific Apache configuration" update, apache has high privileges for some binaries. This can be exploited by an attacker to bypass local security restrictions.
Configurations

Configuration 1 (hide)

cpe:2.3:a:rconfig:rconfig:3.9.3:*:*:*:*:*:*:*

History

21 Nov 2024, 04:34

Type Values Removed Values Added
References () http://packetstormsecurity.com/files/156950/rConfig-3.9.4-searchField-Remote-Code-Execution.html - Exploit, Third Party Advisory, VDB Entry () http://packetstormsecurity.com/files/156950/rConfig-3.9.4-searchField-Remote-Code-Execution.html - Exploit, Third Party Advisory, VDB Entry
References () https://github.com/v1k1ngfr/exploits-rconfig/blob/master/rconfig_lpe.sh - Exploit, Third Party Advisory () https://github.com/v1k1ngfr/exploits-rconfig/blob/master/rconfig_lpe.sh - Exploit, Third Party Advisory
References () https://raw.githubusercontent.com/v1k1ngfr/exploits/master/rconfig_lpe.sh?token= - Exploit, Third Party Advisory () https://raw.githubusercontent.com/v1k1ngfr/exploits/master/rconfig_lpe.sh?token= - Exploit, Third Party Advisory

Information

Published : 2020-01-06 20:15

Updated : 2024-11-21 04:34


NVD link : CVE-2019-19585

Mitre link : CVE-2019-19585

CVE.ORG link : CVE-2019-19585


JSON object : View

Products Affected

rconfig

  • rconfig
CWE
CWE-269

Improper Privilege Management