{"id":16637,"date":"2021-07-07T15:44:21","date_gmt":"2021-07-07T13:44:21","guid":{"rendered":"https:\/\/herolab-usd.formwandler.rocks\/security-advisories\/usd-2019-0060\/"},"modified":"2021-07-19T14:12:58","modified_gmt":"2021-07-19T12:12:58","slug":"usd-2019-0060","status":"publish","type":"page","link":"https:\/\/herolab.usd.de\/en\/security-advisories\/usd-2019-0060\/","title":{"rendered":"usd-2019-0060"},"content":{"rendered":"

[et_pb_section fb_built=\"1\" _builder_version=\"4.9.4\" _module_preset=\"default\" background_color=\"#2E353D\" custom_padding=\"||0px|||\"][et_pb_row _builder_version=\"4.9.4\" _module_preset=\"default\"][et_pb_column type=\"4_4\" _builder_version=\"4.9.4\" _module_preset=\"default\"][et_pb_text _builder_version=\"4.9.4\" _module_preset=\"cc5ac6f4-ebbd-4b3f-bc92-4dfc1f15fe2c\" hover_enabled=\"0\" sticky_enabled=\"0\"]<\/p>\n

usd-2019-0060 | Control-M\/Agent<\/span><\/h1>\n

<\/span>
Advisory ID<\/strong>: usd-2019-0060<\/span>
CVE Number<\/strong>: CVE-2019-19216<\/span>
Affected Product<\/strong>: Control-M\/Agent<\/span>
Affected Version<\/strong>: 7.0.00.000 <\/span>
Vulnerability Type<\/strong>: Insecure File Copy<\/span>
Security Risk<\/strong>: High (conditional)*<\/span>
Vendor URL<\/strong>: https:\/\/www.bmcsoftware.de\/<\/a><\/span>
Vendor Status<\/strong>: Fixed (according to vendor)<\/span><\/p>\n

* We do not consider the vulnerability to be of critical severity as the vendor explicitly recommends to use TLS and the attacks only work when TLS is disabled. Nevertheless, as we encountered real-life configurations without TLS, we would like to highlight the increased criticality in case of a customer misconfiguration.<\/span><\/p>\n

 <\/p>\n

Description<\/h3>\n

The Control-M agent can copy log files to the user\u2019s home folder who owns the Joblog to copy. The vendor recommends to run the agent as a non-root user, this is the default configuration. Nevertheless, as we encountered real-life configurations with the agent running with root privileges, we would like to highlight that in this case root\u2019s home directory is affected, too.<\/span>
As a result, any user with access to the Control-M\/Agent may overwrite sensitive files with privileges of the agent. If the agent is run with root privileges an remote attacker may even place chosen commands in root\u2019s .bashrc that would be executed on the next login.<\/span><\/p>\n

<\/span><\/p>\n

\n
\n

Fix<\/h3>\n

Copying files as a high privileged users like \u201eroot\u201c based on user controlled conditions is always dangerous. At least make sure, that no files in the user\u2019s directories can be overwritten with log files performing these actions.<\/span><\/p>\n

<\/h3>\n

Timeline<\/h3>\n