ASA-2019-00581 – Palo Alto Networks GlobalProtect Agent: Non-root users are able to overwrite root files on the file system


Allele Security Alert

ASA-2019-00581

Identifier(s)

ASA-2019-00581, CVE-2019-17436, PAN-SA-2019-0037

Title

Non-root users are able to overwrite root files on the file system

Vendor(s)

Palo Alto Networks

Product(s)

GlobalProtect Agent

Affected version(s)

GlobalProtect Agent for Linux and Mac OS X before version 5.0.5
GlobalProtect Agent for Linux and Mac OS X before version 4.1.13

Fixed version(s)

GlobalProtect Agent for Linux and Mac OS X version 5.0.5
GlobalProtect Agent for Linux and Mac OS X version 4.1.13

Proof of concept

Unknown

Description

A local privilege escalation vulnerability exists in GlobalProtect Agent for Linux and Mac OS X that allows non-root users to overwrite root files on the file system. Successful exploitation of this issue may allow a low-privileged local user to escalate their privileges on the system.

Technical details

Unknown

Credits

Hanno Heinrichs (CrowdStrike)

Reference(s)

Local Privilege Escalation in GlobalProtect Agent for Linux and Mac OS
https://securityadvisories.paloaltonetworks.com/Home/Detail/200

Palo Alto Networks Security Advisories: 15-October-2019
https://live.paloaltonetworks.com/t5/PSIRT-Articles/Palo-Alto-Networks-Security-Advisories-15-October-2019/ta-p/293088

CVE-2019-17436
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17436

CVE-2019-17436
https://nvd.nist.gov/vuln/detail/CVE-2019-17436

If there is any error in this alert, or if you would like a comprehensive analysis, let us know.

Last modified: October 23, 2019

We are not responsible for any data loss, device corruption or any other type of issue due to the use of any information mentioned in our security alerts.