CVE-2019-3805
wildfly: Race condition on PID file allows for termination of arbitrary processes by local users
- Public Exploits: 0
- Exploited in Wild: -
Descriptions
A flaw was discovered in wildfly versions up to 16.0.0.Final that would allow local users who are able to execute the init.d script to terminate arbitrary processes on the system. An attacker could exploit this by modifying the PID file in /var/run/jboss-eap/, causing the init.d script to terminate any process as root.
A flaw was discovered in wildfly that would allow local users, who are able to execute the init.d script, to terminate arbitrary processes on the system. An attacker could exploit this by modifying the PID file in /var/run/jboss-eap/, causing the init.d script to terminate any process as root.
CVSS Scores
SSVC
- Decision: -
Timeline
- 2019-01-03 CVE Reserved
- 2019-05-03 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-269: Improper Privilege Management
- CWE-364: Signal Handler Race Condition
CAPEC
References (10)

URL | Tag | Source |
---|---|---|
https://security.netapp.com/advisory/ntap-20190517-0004 | Third Party Advisory | |

URL | Date | SRC |
---|---|---|
https://access.redhat.com/errata/RHSA-2019:1106 | 2020-10-16 | |
https://access.redhat.com/errata/RHSA-2019:1107 | 2020-10-16 | |
https://access.redhat.com/errata/RHSA-2019:1108 | 2020-10-16 | |
https://access.redhat.com/errata/RHSA-2019:1140 | 2020-10-16 | |
https://access.redhat.com/errata/RHSA-2019:2413 | 2020-10-16 | |
https://access.redhat.com/errata/RHSA-2020:0727 | 2020-10-16 | |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3805 | 2020-10-16 | |
https://access.redhat.com/security/cve/CVE-2019-3805 | 2020-06-15 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1660263 | 2020-06-15 | |
Affected Vendors, Products, and Versions

Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Redhat | Jboss Enterprise Application Platform | 6.0.0 | - | Affected |
Redhat | Jboss Enterprise Application Platform | 7.0.0 | - | Affected |
Redhat | Wildfly | <= 16.0.0 | - | Affected |