CVE-2019-18192 – CVE-2019-18192 is a privilege escalation vulner... (How to Fix)

Q: What is the severity of CVE-2019-18192?

CVE-2019-18192 has a CVSS score of 7.8 (HIGH). CVE-2019-18192 is a privilege escalation vulnerability in GNU Guix where the parent directory of user-profile directories is world-writable, allowing local users to access and potentially compromise other users' accounts. This affects GNU Guix installations where multiple users share the same system. The vulnerability is similar to CVE-2019-17365 and requires local access to exploit.

📋 TL;DR

CVE-2019-18192 is a privilege escalation vulnerability in GNU Guix where the parent directory of user-profile directories is world-writable, allowing local users to access and potentially compromise other users' accounts. This affects GNU Guix installations where multiple users share the same system. The vulnerability is similar to CVE-2019-17365 and requires local access to exploit.

💻 Affected Systems

Products:

GNU Guix

Versions: 1.0.1 and earlier versions

Operating Systems: Linux, Unix-like systems

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects multi-user installations where the Guix package manager is used with shared user profiles.

📦 What is this software?

Guix by Gnu

View all CVEs affecting Guix →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Local attacker gains full control over another user's account, potentially accessing sensitive data, modifying configurations, or escalating to root privileges through the compromised account.

🟠

Likely Case

Local user accesses another user's profile directory, potentially reading sensitive configuration files or modifying user environments.

🟢

If Mitigated

With proper directory permissions and user isolation, impact is limited to unauthorized directory access without privilege escalation.

🌐 Internet-Facing: LOW - This vulnerability requires local access to the system and cannot be exploited remotely.

🏢 Internal Only: HIGH - In multi-user environments, any local user can potentially access other users' accounts and data.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires local user access and basic knowledge of directory traversal. The vulnerability is well-documented in security advisories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in GNU Guix 1.1.0 and later

Vendor Advisory: https://issues.guix.gnu.org/issue/37744

Restart Required: No

Instructions:

1. Update GNU Guix to version 1.1.0 or later using 'guix pull' 2. Run 'guix package --upgrade' to update installed packages 3. Verify directory permissions are corrected

🔧 Temporary Workarounds

Manual Permission Fix

linux

Manually change permissions on the parent directory of user profiles to remove world-writable access

sudo chmod o-w /var/guix/profiles/per-user

🧯 If You Can't Patch

Implement strict user isolation and limit local user access to the system
Monitor file system changes in the /var/guix/profiles/per-user directory for unauthorized access

🔍 How to Verify

Check if Vulnerable:

Check if /var/guix/profiles/per-user directory is world-writable: 'ls -ld /var/guix/profiles/per-user' - if output shows 'drwxrwxrwx' or similar with 'w' for others, system is vulnerable

Check Version:

guix --version

Verify Fix Applied:

Verify directory permissions: 'ls -ld /var/guix/profiles/per-user' should NOT show 'w' permission for others (world)

📡 Detection & Monitoring

Log Indicators:

Unauthorized access attempts to /var/guix/profiles/per-user directories
Permission changes on Guix profile directories

Network Indicators:

No network indicators - this is a local file system vulnerability

SIEM Query:

file_access AND path:"/var/guix/profiles/per-user/*" AND NOT user:root

📊 Metadata

CVE ID: CVE-2019-18192

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-732

Published: October 17, 2019

Last Updated: November 21, 2024

🔗 References

http://www.openwall.com/lists/oss-security/2019/10/17/3 Mailing List,Patch,Third Party Advisory
https://issues.guix.gnu.org/issue/37744 Exploit,Issue Tracking,Third Party Advisory
http://www.openwall.com/lists/oss-security/2019/10/17/3 Mailing List,Patch,Third Party Advisory
https://issues.guix.gnu.org/issue/37744 Exploit,Issue Tracking,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2019-18192, you might also want to check these: