Bug 1149292 (CVE-2019-11736)

Summary: VUL-0: CVE-2019-11736: MozillaFirefox: File manipulation and privilege escalation in Mozilla Maintenance Service
Product: [Novell Products] SUSE Security Incidents Reporter: Alexander Bergmann <abergmann>
Component: IncidentsAssignee: Charles Robertson <cgrobertson>
Status: RESOLVED INVALID QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P5 - None CC: smash_bz
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Windows   
URL: https://smash.suse.de/issue/241688/
Whiteboard: CVSSv2:NVD:CVE-2019-11736:4.4:(AV:L/AC:M/Au:N/C:P/I:P/A:P)
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Bug Depends on: 1149323, 1149324    
Bug Blocks:    

Description Alexander Bergmann 2019-09-04 06:48:38 UTC 
CVE-2019-11736: File manipulation and privilege escalation in Mozilla Maintenance Service

Reporter   Seb Patane
Impact     high

Description
The Mozilla Maintenance Service does not guard against files being hardlinked to another file in the updates directory, allowing for the replacement of local files, including the Maintenance Service executable, which is run with privileged access. Additionally, there was a race condition during checks for junctions and symbolic links by the Maintenance Service, allowing for potential local file and directory manipulation to be undetected in some circumstances. This allows for potential privilege escalation by a user with unprivileged local access.

Note: These attacks requires local system access and only affects Windows. Other operating systems are not affected.


References:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-26/#CVE-2019-11736
https://bugzilla.mozilla.org/show_bug.cgi?id=1551913
https://bugzilla.mozilla.org/show_bug.cgi?id=1552206
https://bugzilla.redhat.com/show_bug.cgi?id=1748662
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11736
Comment 1 Andreas Stieger 2019-09-04 14:46:25 UTC 
Not affected.
Comment 2 Swamp Workflow Management 2019-10-03 19:12:22 UTC 
SUSE-SU-2019:2545-1: An update that fixes 29 vulnerabilities is now available.

Category: security (important)
Bug References: 1109465,1117473,1123482,1124525,1133810,1138688,1140868,1141322,1145665,1149292,1149293,1149294,1149295,1149296,1149297,1149298,1149299,1149302,1149303,1149304,1149323
CVE References: CVE-2019-11710,CVE-2019-11714,CVE-2019-11716,CVE-2019-11718,CVE-2019-11720,CVE-2019-11721,CVE-2019-11723,CVE-2019-11724,CVE-2019-11725,CVE-2019-11727,CVE-2019-11728,CVE-2019-11733,CVE-2019-11735,CVE-2019-11736,CVE-2019-11738,CVE-2019-11740,CVE-2019-11742,CVE-2019-11743,CVE-2019-11744,CVE-2019-11746,CVE-2019-11747,CVE-2019-11748,CVE-2019-11749,CVE-2019-11750,CVE-2019-11751,CVE-2019-11752,CVE-2019-11753,CVE-2019-9811,CVE-2019-9812
Sources used:
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src):    MozillaFirefox-68.1.0-3.54.2
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    MozillaFirefox-68.1.0-3.54.2
SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (src):    MozillaFirefox-68.1.0-3.54.2, MozillaFirefox-branding-SLE-68-4.8.5
SUSE Linux Enterprise Module for Desktop Applications 15 (src):    MozillaFirefox-68.1.0-3.54.2, MozillaFirefox-branding-SLE-68-4.8.5

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 3 Swamp Workflow Management 2019-10-05 04:12:27 UTC 
openSUSE-SU-2019:2251-1: An update that fixes 29 vulnerabilities is now available.

Category: security (important)
Bug References: 1109465,1117473,1123482,1124525,1133810,1138688,1140868,1141322,1145665,1149292,1149293,1149294,1149295,1149296,1149297,1149298,1149299,1149302,1149303,1149304,1149323
CVE References: CVE-2019-11710,CVE-2019-11714,CVE-2019-11716,CVE-2019-11718,CVE-2019-11720,CVE-2019-11721,CVE-2019-11723,CVE-2019-11724,CVE-2019-11725,CVE-2019-11727,CVE-2019-11728,CVE-2019-11733,CVE-2019-11735,CVE-2019-11736,CVE-2019-11738,CVE-2019-11740,CVE-2019-11742,CVE-2019-11743,CVE-2019-11744,CVE-2019-11746,CVE-2019-11747,CVE-2019-11748,CVE-2019-11749,CVE-2019-11750,CVE-2019-11751,CVE-2019-11752,CVE-2019-11753,CVE-2019-9811,CVE-2019-9812
Sources used:
openSUSE Leap 15.1 (src):    MozillaFirefox-68.1.0-lp151.2.14.1
Comment 4 Swamp Workflow Management 2019-10-06 13:20:15 UTC 
openSUSE-SU-2019:2260-1: An update that fixes 29 vulnerabilities is now available.

Category: security (important)
Bug References: 1109465,1117473,1123482,1124525,1133810,1138688,1140868,1141322,1145665,1149292,1149293,1149294,1149295,1149296,1149297,1149298,1149299,1149302,1149303,1149304,1149323
CVE References: CVE-2019-11710,CVE-2019-11714,CVE-2019-11716,CVE-2019-11718,CVE-2019-11720,CVE-2019-11721,CVE-2019-11723,CVE-2019-11724,CVE-2019-11725,CVE-2019-11727,CVE-2019-11728,CVE-2019-11733,CVE-2019-11735,CVE-2019-11736,CVE-2019-11738,CVE-2019-11740,CVE-2019-11742,CVE-2019-11743,CVE-2019-11744,CVE-2019-11746,CVE-2019-11747,CVE-2019-11748,CVE-2019-11749,CVE-2019-11750,CVE-2019-11751,CVE-2019-11752,CVE-2019-11753,CVE-2019-9811,CVE-2019-9812
Sources used:
openSUSE Leap 15.0 (src):    MozillaFirefox-68.1.0-lp150.3.66.1