Vulnerabilities > CVE-2019-17080 - Deserialization of Untrusted Data vulnerability in Linuxmint Mintinstall 7.9.9

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

linuxmint

CWE-502

exploit available

NVD

Published: 2019-10-02

Updated: 2019-10-08

Summary

mintinstall (aka Software Manager) 7.9.9 for Linux Mint allows code execution if a REVIEWS_CACHE file is controlled by an attacker, because an unpickle occurs. This is resolved in 8.0.0 and backports.

Vulnerable Configurations

Part	Description	Count
Application	Linuxmint Linuxmint Mintinstall 7.9.9	1

Common Weakness Enumeration (CWE)

CWE-502 - Deserialization of Untrusted Data

Exploit-Db

id	EDB-ID:47457
last seen	2019-10-03
modified	2019-10-03
published	2019-10-03
reporter	Exploit-DB
source	https://www.exploit-db.com/download/47457
title	mintinstall 7.9.9 - Code Execution

Packetstorm

data source	https://packetstormsecurity.com/files/download/154722/mintinstall799-exec.txt
id	PACKETSTORM:154722
last seen	2019-10-03
published	2019-10-02
reporter	Andhrimnirr
source	https://packetstormsecurity.com/files/154722/mintinstall-7.9.9-Code-Execution.html
title	mintinstall 7.9.9 Code Execution

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Exploit-Db

Packetstorm

References