Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merge fix for CVE-2019-3567 from osquery 3.4.0 #47

Closed
mike-myers-tob opened this issue Jun 4, 2019 · 0 comments

Comments

@mike-myers-tob
Copy link
Contributor

commented Jun 4, 2019

Bug report

An elevation of privilege vulnerability was fixed in osquery. Details are here. Advisory is here.

What operating system and version are you using?

The issue is specific to the Windows build.

What version of osquery are you using?

The fix is available in osquery 3.4.0, and the relevant commit appears to be this one. It is not marked as a security fix nor does it mention the CVE, but this appears to be it.

The solution is to migrate installations to the 'Program Files' directory on Windows which restricts unprivileged write access.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
3 participants
You can’t perform that action at this time.