CVE-2019-17080 - Deserialization of Untrusted Data vulnerability in Linuxmint Mintinstall 7.9.9

CVSS: 7.8 - HIGH
Attack vector: LOCAL
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH
Tags: local, low complexity, linuxmint, CWE-502, exploit available

Summary

mintinstall (aka Software Manager) 7.9.9 for Linux Mint allows code execution if a REVIEWS_CACHE file is controlled by an attacker, because an unpickle occurs. This is resolved in 8.0.0 and backports.

Vulnerable Configurations

Part         Description  Count
Application  Linuxmint    1

Common Weakness Enumeration (CWE)

Exploit-Db

id: EDB-ID:47457
last seen: 2019-10-03
modified: 2019-10-03
published: 2019-10-03
reporter: Exploit-DB
source: https://www.exploit-db.com/download/47457
title: mintinstall 7.9.9 - Code Execution

Packetstorm

data source: https://packetstormsecurity.com/files/download/154722/mintinstall799-exec.txt
id: PACKETSTORM:154722
last seen: 2019-10-03
published: 2019-10-02
reporter: Andhrimnirr
source: https://packetstormsecurity.com/files/154722/mintinstall-7.9.9-Code-Execution.html
title: mintinstall 7.9.9 Code Execution