CVE-2019-7653

9.8 CRITICAL

📋 TL;DR

This vulnerability allows local code injection through Debian's python-rdflib-tools package. An attacker who can place a malicious Python module in the current working directory from which a CLI tool such as rdf2dot is run can have arbitrary Python code executed with the privileges of the user running that tool. It affects Debian systems running the vulnerable package version.
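As an added example (not code from the advisory or from the rdflib project), the following Python audit shows the mechanism behind the summary above: starting a tool with `python -m` puts the current working directory (an empty-string entry) at the front of `sys.path`, so a module file dropped into that directory is imported in place of the real one. The helpers report whether a path list exposes the working directory, build a hardened list, and check whether the running interpreter was started with `-I` (Python 3.4+) or `-P` (Python 3.11+), both of which keep the working directory off `sys.path`. The sample path lists and the directory `/home/alice/work` are constructed for illustration, not captured from a real host.

```python
"""Audit a Python import path for current-working-directory entries.

Added example, not code from the advisory or the rdflib project. The sample
path lists are constructed to mimic the layouts seen on a Debian host.
"""
import os
import sys

# Constructed: what sys.path looks like when a tool is started via "python -m"
# (a leading "" means "the directory the interpreter was started in").
SAMPLE_PATH_MODULE_MODE = [
    "",
    "/usr/lib/python2.7",
    "/usr/lib/python2.7/dist-packages",
]

# Constructed: the same interpreter started in isolated mode ("python -I"),
# which omits the working directory entirely.
SAMPLE_PATH_ISOLATED = [
    "/usr/lib/python2.7",
    "/usr/lib/python2.7/dist-packages",
]


def cwd_entries(path_list, cwd):
    """Return indexes of entries that resolve to the working directory ``cwd``.

    An empty string or "." names the working directory implicitly; an explicit
    path equal to ``cwd`` (trailing slash ignored) names it explicitly.
    """
    norm_cwd = os.path.normpath(cwd)
    return [
        i
        for i, entry in enumerate(path_list)
        if entry in ("", ".") or os.path.normpath(entry) == norm_cwd
    ]


def cwd_shadows_packages(path_list, cwd):
    """True when the working directory is searched before every other entry.

    That ordering is the dangerous one: a module in ``cwd`` wins over the
    system copy with the same name.
    """
    hits = cwd_entries(path_list, cwd)
    return bool(hits) and hits[0] == 0


def hardened_path(path_list, cwd):
    """Return ``path_list`` with every working-directory entry removed."""
    drop = set(cwd_entries(path_list, cwd))
    return [entry for i, entry in enumerate(path_list) if i not in drop]


def interpreter_uses_safe_path():
    """True when this interpreter was started with -I (3.4+) or -P (3.11+).

    Both flags keep the script directory / working directory off sys.path;
    ``safe_path`` does not exist on older interpreters, hence the getattr.
    """
    return bool(sys.flags.isolated) or bool(getattr(sys.flags, "safe_path", 0))


if __name__ == "__main__":
    cwd = os.getcwd()
    print("interpreter safe-path mode:", interpreter_uses_safe_path())
    print("cwd entries in sys.path:", cwd_entries(sys.path, cwd))
    print("cwd shadows packages:", cwd_shadows_packages(sys.path, cwd))
    # Strip the exposure for the remainder of this process.
    sys.path[:] = hardened_path(sys.path, cwd)
    print("after hardening:", cwd_entries(sys.path, cwd))
```

Run it once as `python3 audit.py` and once as `python3 -I audit.py` to see the difference in the first two lines of output. For a wrapper script you control, the fix the audit points at is to launch the interpreter with `-I` (or `-P` on 3.11+) rather than relying on the working directory being clean.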

💻 Affected Systems

Products:
  • Debian python-rdflib-tools
Versions: 4.2.2-1
Operating Systems: Debian Linux, Ubuntu (derived from affected Debian packages)
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems where python-rdflib-tools is installed and the CLI wrapper scripts shipped in the package's debian/scripts directory (such as rdf2dot) are used.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise via arbitrary code execution with the privileges of the user running the vulnerable CLI tool, potentially leading to privilege escalation.

🟠 Likely Case

Local privilege escalation or arbitrary code execution by malicious users with access to the system, particularly in multi-user environments.

🟢 If Mitigated

Limited impact if proper access controls restrict who can write to directories where CLI tools are executed.

🌐 Internet-Facing: LOW - This is primarily a local vulnerability requiring access to the system.
🏢 Internal Only: HIGH - Internal users with shell access can exploit this for privilege escalation or lateral movement.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access and ability to place files in the current working directory where CLI tools are executed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.2.2-1+deb9u1 (Debian 9/stretch), 4.2.2-1+deb10u1 (Debian 10/buster)

Vendor Advisory: https://lists.debian.org/debian-lts-announce/2019/03/msg00019.html

Restart Required: No

Instructions:

1. Update package: sudo apt-get update && sudo apt-get install python-rdflib-tools
2. Verify version is patched: dpkg -l python-rdflib-tools

🔧 Temporary Workarounds

Remove vulnerable package (Linux)

Uninstall python-rdflib-tools if it is not needed:

sudo apt-get remove python-rdflib-tools

Restrict directory permissions (Linux)

Ensure that other users cannot write to the directories from which the CLI tools are run:

chmod 755 /path/to/execution/directory
chown root:root /path/to/execution/directory

This workaround only helps while the tools are always run from such a directory; running them from any directory other users can write to (a shared /tmp, for example) restores the exposure.

🧯 If You Can't Patch

  • Remove python-rdflib-tools package entirely if not required
  • Implement strict access controls to prevent users from writing to directories where CLI tools might be executed

🔍 How to Verify

Check if Vulnerable:

Check installed version: dpkg -l python-rdflib-tools | grep ^ii

Check Version:

dpkg -l python-rdflib-tools | grep ^ii | awk '{print $3}'

Verify Fix Applied:

Verify version is 4.2.2-1+deb9u1 or later for Debian 9, or 4.2.2-1+deb10u1 or later for Debian 10

📡 Detection & Monitoring

Log Indicators:

  • Python module files (.py or .pyc) appearing in directories from which the tools are run, as surfaced by file-integrity monitoring or audit logging of those directories
  • Execution of rdf2dot or other python-rdflib-tools CLI tools with suspicious parameters or from an unusual working directory

Network Indicators:

  • None - this is a local vulnerability

SIEM Query:

Process execution events where the command line contains 'rdf2dot' or 'python -m' and the process's working directory is an unusual or world-writable path
