mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-28 01:04:30 +00:00
909 B
909 B
CVE-2019-19191
Description
Shibboleth Service Provider (SP) 3.x before 3.1.0 shipped a spec file that calls chown on files in a directory controlled by the service user (the shibd account) after installation. This allows the user to escalate to root by pointing symlinks to files such as /etc/shadow.
POC
Reference
- https://bugzilla.suse.com/show_bug.cgi?id=1157471
- https://bugzilla.suse.com/show_bug.cgi?id=1157471
- https://issues.shibboleth.net/jira/browse/SSPCPP-874
- https://issues.shibboleth.net/jira/browse/SSPCPP-874
Github
No PoCs found on GitHub currently.