-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

CVE-2019-0226: Arbitrary file write vulnerability in Config service

Severity: Low

Vendor: The Apache Software Foundation

Versions Affected: all versions of Apache Karaf prior to 4.2.5

Description:

The Apache Karaf Config service provides an install method (exposed via a
service and via an MBean) whose path argument could be used to traverse into
any directory and overwrite an existing file.

The severity is low if the Karaf process user has limited permissions on
the filesystem.

The mitigation is to prevent traversal "outside" of the Karaf etc folder by
checking the path argument of the method and rejecting ".." in the path.
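One way to implement the check the advisory describes, as an added example in Java (this is not Apache Karaf's own fix; the class, method names and the `/opt/karaf/etc` base directory are hypothetical): resolve the caller-supplied name against the etc directory, reject absolute paths and any `..` segment outright, then confirm after normalization that the target still lies under the base directory.

```java
import java.nio.file.Path;
import java.nio.file.Paths;

/**
 * Added example, not Apache Karaf code: confine a caller-supplied file name
 * to a base directory, the mitigation described in the advisory.
 */
public class SafeConfigPath {

    /**
     * Resolve userPath against etcDir and reject anything that would land
     * outside it. Refuses absolute paths, any ".." segment, the base
     * directory itself, and (after normalization) any target that is not
     * strictly under etcDir.
     */
    public static Path resolveInside(Path etcDir, String userPath) {
        Path base = etcDir.toAbsolutePath().normalize();
        Path candidate = Paths.get(userPath);

        if (candidate.isAbsolute()) {
            throw new IllegalArgumentException("absolute path not allowed: " + userPath);
        }
        // Explicit ".." rejection, as the advisory's mitigation states.
        for (Path segment : candidate) {
            if ("..".equals(segment.toString())) {
                throw new IllegalArgumentException("'..' not allowed: " + userPath);
            }
        }

        // Defence in depth: even with ".." rejected, the normalized target
        // must be a proper descendant of the base directory.
        Path resolved = base.resolve(candidate).normalize();
        if (resolved.equals(base) || !resolved.startsWith(base)) {
            throw new IllegalArgumentException("path escapes " + base + ": " + userPath);
        }
        return resolved;
    }

    public static void main(String[] args) {
        Path etc = Paths.get("/opt/karaf/etc"); // hypothetical install location

        // Constructed sample inputs: one legitimate name, several traversal attempts.
        System.out.println("accepted: " + resolveInside(etc, "org.example.cfg"));
        String[] rejected = { "../../etc/passwd", "/etc/passwd", "a/../../x.cfg", "" };
        for (String p : rejected) {
            try {
                resolveInside(etc, p);
                System.out.println("UNEXPECTED accept: " + p);
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

The `startsWith` check is kept even though `..` segments are already refused: it also catches an empty or dot-only name that would resolve to the directory itself, and it remains correct if the base directory is later made configurable.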

This has been fixed in revision:

https://gitbox.apache.org/repos/asf?p=karaf.git;h=fe3bc41
https://gitbox.apache.org/repos/asf?p=karaf.git;h=bf5ed62

Mitigation: Apache Karaf users should upgrade to 4.2.5
or later as soon as possible, or limit filesystem permission for the Karaf
process user.

JIRA Tickets: https://issues.apache.org/jira/browse/KARAF-6230

Credit: This issue was reported by 马凌涛 <malingtao1019@163.com>
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEGqjPktQJpzOT0Lc2v/LuQsgoLnYFAlzP38wACgkQv/LuQsgo
LnYiUQ//XNFT3Wo+dAypBMMCxNUWZfVw9MNkgqsZaYzCm8GjbgrEOkMB6DELQHDe
4ZAnjqD3L8CoQzMrfCpR9rC5B+Gmn29+2yd4GKWs3g/vEHMusKezk/Fe9fsoaqH8
f7nHQyCHEexHVNOi+i69af2iCi0RPTgSTi97D9ln8xyhl0WyU7J6+KjQkf0jJ2iW
u1FB4Lu0zPvNup7oa7+ulP9AJYWk/Y5w/SnOakqdMROHaKbUCxH8A4gBSAe99gWn
Bjw08KKuHyLDn43MYp5vLu3yZ7rZDwI25/694ZFLcbAzqXLc0aa9DDbtzyCsOWis
tbekmbAAOw/5mr5nC59iaaihslyYv3aR6sQNVALo8ISH2ydW3xf0FNMoZrO81Xtm
kYInKBCYTmfv33yEmQ8/jnyOLqorisRLD2mLqRHJghQWsC1+BrRhksgW1Tam/0RM
7q0udX5gc9XEQWXxDsuaUtakrVvR/hfsxb96qmyL7pJObqWBUa78iJ2dJcxdiWtK
S81oElGxmok8hIpbX0CTqD4r3bfWCnDbBiries46OSJShorlCAvZWqwWATkA8WOv
D1Wn1KZoSut1xiexu1Eb+lemvXlKNONzEmg4qoojWCPg3zP9S+XsvcVtC9/uAALI
MkhI0mkl0y4o8tJuFm6sIL4haTQDkGZX381QR2zToir0z+B+du8=
=7xvR
-----END PGP SIGNATURE-----