Security Advisory: Local Privilege Escalation in GlobalProtect Agent for Linux a

Started by icecream-guy, October 16, 2019, 05:44:33 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions

icecream-guy

October 16, 2019, 05:44:33 AM
Local Privilege Escalation in GlobalProtect Agent for Linux and Mac OS
Last revised: 10/15/2019

Summary
A Local Privilege Escalation vulnerability exists in GlobalProtect Agent for Linux and Mac OSX that can allow non-root users to overwrite root files on the file system. (Ref # GPC-8945, CVE-2019-17436)

Severity: Medium
Successful exploitation of this issue may allow a low-privileged local user to escalate their privileges on the system.

Products Affected
GlobalProtect Agent 5.0.4 and earlier for Linux and Mac OS and GlobalProtect Agent 4.1.12 and earlier for Linux and Mac OS.

Available Updates
GlobalProtect Agent 4.1.13 and later for Linux and Mac OS and GlobalProtect Agent 5.0.5 and later for Linux and Mac OS.

Workarounds and Mitigations
N/A

Acknowledgments
Palo Alto Networks would like to thank Hanno Heinrichs of CrowdStrike Intelligence for reporting this issue.
:professorcat:

My Moral Fibers have been cut.
Print
Go Up Pages1
User actions