Text only | Text with Images

Networking-Forums.com

Professional Discussions => Vendor Advisories => Topic started by: icecream-guy on October 16, 2019, 05:44:33 AM

Title: Security Advisory: Local Privilege Escalation in GlobalProtect Agent for Linux a
Post by: icecream-guy on October 16, 2019, 05:44:33 AM
Local Privilege Escalation in GlobalProtect Agent for Linux and Mac OS
Last revised: 10/15/2019

Summary
A Local Privilege Escalation vulnerability exists in GlobalProtect Agent for Linux and Mac OSX that can allow non-root users to overwrite root files on the file system. (Ref # GPC-8945, CVE-2019-17436)

Severity: Medium
Successful exploitation of this issue may allow a low-privileged local user to escalate their privileges on the system.

Products Affected
GlobalProtect Agent 5.0.4 and earlier for Linux and Mac OS and GlobalProtect Agent 4.1.12 and earlier for Linux and Mac OS.

Available Updates
GlobalProtect Agent 4.1.13 and later for Linux and Mac OS and GlobalProtect Agent 5.0.5 and later for Linux and Mac OS.

Workarounds and Mitigations
N/A

Acknowledgments
Palo Alto Networks would like to thank Hanno Heinrichs of CrowdStrike Intelligence for reporting this issue.
Text only | Text with Images