ArchLinux: 201903-7: pacman: arbitrary code execution

    Date: 11 Mar 2019
    Category: ArchLinux
    Posted By: LinuxSecurity Advisories
    The package pacman before version 5.1.3-1 is vulnerable to arbitrary code execution.
    Arch Linux Security Advisory ASA-201903-7
    =========================================
    
    Severity: High
    Date    : 2019-03-11
    CVE-ID  : CVE-2019-9686
    Package : pacman
    Type    : arbitrary code execution
    Remote  : Yes
    Link    : https://security.archlinux.org/AVG-921
    
    Summary
    =======
    
    The package pacman before version 5.1.3-1 is vulnerable to arbitrary
    code execution.
    
    Resolution
    ==========
    
    Upgrade to 5.1.3-1.
    
    # pacman -Syu "pacman>=5.1.3-1"
    
    Afterwards, confirm the installed version with "pacman -Q pacman".
    
    The problem has been fixed upstream in version 5.1.3.
    
    Workaround
    ==========
    
    None.
    
    Description
    ===========
    
    pacman prior to version 5.1.3 allows directory traversal when
    installing a remote package via a specified URL ("pacman -U <url>")
    because it does not sanitize the file name received in the server's
    Content-Disposition header. pacman renames the downloaded package file
    to the name given in that header, but passed the name to rename()
    unchecked, so a value containing slashes (for example "../"
    components) is honoured as a relative path rather than a bare file
    name. A malicious server, or a network man-in-the-middle if the
    download is over plain HTTP, can therefore send a Content-Disposition
    header that makes pacman write the file anywhere on the filesystem,
    potentially leading to arbitrary code execution as root. Notably,
    this bypasses pacman's package signature checking, since the rename
    happens at download time, before the package is verified. The flaw is
    in curl_download_internal in lib/libalpm/dload.c.
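    The following is an added example, not pacman's code or the upstream
    patch. It models the flaw the description above names: the filename=
    parameter of a Content-Disposition header is extracted, joined
    unchecked onto the package cache directory (the string rename() would
    receive), and lexically resolved to show where the download actually
    lands; a hardened variant that accepts only a bare file name is shown
    beside it. The function names, the cache directory
    "/var/cache/pacman/pkg" and the header value are assumptions
    constructed for the example, and the acceptance rule in
    safe_basename follows the advisory's wording rather than the exact
    upstream commit. Nothing here touches the filesystem.

```c
/* Added example, not pacman's code: models the Content-Disposition handling
 * the advisory describes, where a server-chosen filename is joined onto the
 * package cache directory and handed to rename(). Nothing here touches the
 * filesystem; the functions only build and lexically resolve paths. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define DEST_MAX 4096

/* Extract filename= (quoted or bare) from a Content-Disposition value into a
 * malloc'd string; NULL if absent. Simplified on purpose: a real parser must
 * match the parameter name case-insensitively and handle filename*= too. */
char *cd_filename(const char *value)
{
    const char *s = strstr(value, "filename="), *e;
    char *out;
    size_t n;

    if (!s)
        return NULL;
    s += 9;
    if (*s == '"' && (e = strchr(++s, '"')))
        n = (size_t)(e - s);
    else
        n = strcspn(s, "; ");
    if (!(out = malloc(n + 1)))
        return NULL;
    memcpy(out, s, n);
    out[n] = '\0';
    return out;
}

/* Vulnerable pattern: join the name exactly as received onto cachedir. This
 * is the string rename() was given. Returns a static buffer, NULL if too long. */
const char *dest_vulnerable(const char *cachedir, const char *name)
{
    static char out[DEST_MAX];
    int n = snprintf(out, sizeof out, "%s/%s", cachedir, name);
    return (n < 0 || (size_t)n >= sizeof out) ? NULL : out;
}

/* Hardened pattern: accept only a plain basename (no '/', not empty, not "."
 * or ".."); otherwise the caller keeps the name derived from the URL. The rule
 * follows the advisory's wording, not necessarily the exact upstream patch. */
int safe_basename(const char *name)
{
    if (!name || !*name || !strcmp(name, ".") || !strcmp(name, ".."))
        return 0;
    return strchr(name, '/') == NULL;
}

const char *dest_hardened(const char *cachedir, const char *name)
{
    return safe_basename(name) ? dest_vulnerable(cachedir, name) : NULL;
}

/* Lexically collapse "." and ".." in an absolute path, without consulting the
 * filesystem, to show where a traversal name really lands. Static buffer. */
const char *resolve(const char *path)
{
    static char out[DEST_MAX];
    const char *p = path, *s;
    size_t pos = 0, len;

    if (*p != '/')
        return NULL;
    while (*p) {
        while (*p == '/')
            p++;
        for (s = p; *p && *p != '/'; p++)
            ;
        if ((len = (size_t)(p - s)) == 0)
            break;
        if (len == 1 && s[0] == '.')
            continue;
        if (len == 2 && s[0] == '.' && s[1] == '.') {
            while (pos && out[--pos] != '/')  /* pop the previous segment */
                ;
            continue;
        }
        if (pos + len + 2 > sizeof out)
            return NULL;
        out[pos++] = '/';
        memcpy(out + pos, s, len);
        pos += len;
    }
    out[pos] = '\0';
    return pos ? out : "/";
}

/* Where the unsanitised code path would place the download for this header:
 * parse the name, join it unchecked, resolve the result. NULL if no name. */
const char *traversal_target(const char *cachedir, const char *header)
{
    char *name = cd_filename(header);
    const char *dest = name ? dest_vulnerable(cachedir, name) : NULL;
    free(name);
    return dest ? resolve(dest) : NULL;
}
```

    With the constructed header
    attachment; filename="../../../../etc/injected.conf" and the cache
    directory /var/cache/pacman/pkg, traversal_target() resolves the
    unsanitised destination to /etc/injected.conf, four levels above the
    cache directory, which is the "anywhere in the filesystem" of the
    advisory; dest_hardened() returns NULL for the same name and only
    produces a path for a plain package file name. The lexical resolver is
    there because the traversal is purely a string-handling problem: the
    kernel performs exactly this collapse of ".." when rename() is called,
    so no symlinks or special files are needed for the escape.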
    
    Impact
    ======
    
    A remote attacker in the position of man-in-the-middle or a malicious
    server is able to execute arbitrary code as root when a user installs a
    remote package via a specified URL.
    
    References
    ==========
    
    https://git.archlinux.org/pacman.git/commit/?id=9702703633bec2c007730006de2aeec8587dfc84
    https://git.archlinux.org/pacman.git/commit/?id=d197d8ab82cf10650487518fb968067897a12775
    https://git.archlinux.org/pacman.git/commit/?h=release/5.1.x&id=1bf767234363f7ad5933af3f7ce267c123017bde
    https://security.archlinux.org/CVE-2019-9686
    
    