Rapid7 Vulnerability & Exploit Database

Red Hat: CVE-2019-18466: CVE-2019-18466 podman: resolving symlink in host filesystem leads to unexpected results of copy operation (Multiple Advisories)

Free InsightVM Trial No Credit Card Necessary

Watch Demo See how it all works

Back to Search

Red Hat: CVE-2019-18466: CVE-2019-18466 podman: resolving symlink in host filesystem leads to unexpected results of copy operation (Multiple Advisories)

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:P/A:P)

Published

10/28/2019

Created

01/21/2020

Added

01/20/2020

Modified

12/15/2023

Description

An issue was discovered in Podman in libpod before 1.6.0. It resolves a symlink in the host context during a copy operation from the container to the host, because an undesired glob operation occurs. An attacker could create a container image containing particular symlinks that, when copied by a victim user to the host filesystem, may overwrite existing files with others from the host.

Solution(s)

redhat-upgrade-buildah
redhat-upgrade-buildah-debuginfo
redhat-upgrade-buildah-debugsource
redhat-upgrade-buildah-tests
redhat-upgrade-buildah-tests-debuginfo
redhat-upgrade-cockpit-podman
redhat-upgrade-container-selinux
redhat-upgrade-containernetworking-plugins
redhat-upgrade-containernetworking-plugins-debuginfo
redhat-upgrade-containernetworking-plugins-debugsource
redhat-upgrade-containers-common
redhat-upgrade-fuse-overlayfs
redhat-upgrade-fuse-overlayfs-debuginfo
redhat-upgrade-fuse-overlayfs-debugsource
redhat-upgrade-oci-systemd-hook
redhat-upgrade-oci-systemd-hook-debuginfo
redhat-upgrade-oci-systemd-hook-debugsource
redhat-upgrade-oci-umount
redhat-upgrade-oci-umount-debuginfo
redhat-upgrade-oci-umount-debugsource
redhat-upgrade-podman
redhat-upgrade-podman-debuginfo
redhat-upgrade-podman-debugsource
redhat-upgrade-podman-docker
redhat-upgrade-podman-manpages
redhat-upgrade-podman-remote
redhat-upgrade-podman-remote-debuginfo
redhat-upgrade-podman-tests
redhat-upgrade-python-podman-api
redhat-upgrade-runc
redhat-upgrade-runc-debuginfo
redhat-upgrade-runc-debugsource
redhat-upgrade-skopeo
redhat-upgrade-skopeo-debuginfo
redhat-upgrade-skopeo-debugsource
redhat-upgrade-skopeo-tests
redhat-upgrade-slirp4netns
redhat-upgrade-slirp4netns-debuginfo
redhat-upgrade-slirp4netns-debugsource
redhat-upgrade-toolbox

References

CVE-2019-18466
RHSA-2019:4269

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

Red Hat: CVE-2019-18466: CVE-2019-18466 podman: resolving symlink in host filesystem leads to unexpected results of copy operation (Multiple Advisories)

Red Hat: CVE-2019-18466: CVE-2019-18466 podman: resolving symlink in host filesystem leads to unexpected results of copy operation (Multiple Advisories)

Description

Solution(s)

References

Success! Thank you for submission. We will be in touch shortly.

Oops! There was a problem in submission. Please try again.

Submit your information and we will get in touch with you.