logo

Database

Excessive privileges In github.com/sylabs/singularity/internal/pkg/runtime/engines/singularity

Description

Incorrect Permission Assignment for Critical Resource in Singularity An issue was discovered in Singularity 3.1.0 to 3.2.0-rc2, a malicious user with local/network access to the host system (e.g. ssh) could exploit this vulnerability due to insecure permissions allowing a user to edit files within /run/singularity/instances/sing/<user>/<instance>. The manipulation of those files can change the behavior of the starter-suid program when instances are joined resulting in potential privilege escalation on the host.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2019-113282. NVD-2019-113283. OSV-2019-113284. GHSA-557g-r22w-9wvx5. GCVE-2019-11328

References

1. https://github.com/sylabs/singularity/commit/618c9d56802399adb329c23ea2b70598eaff4a312. https://github.com/sylabs/singularity/releases/tag/v3.2.03. https://lists.fedoraproject.org/archives/list/[email protected]/message/5O3TPL5OOTIZEI4H6IQBCCISBARJ6WL3/4. https://lists.fedoraproject.org/archives/list/[email protected]/message/LIHV7DSEVTB5SUPEZ2UXGS3Q6WMEQSO2/5. https://lists.fedoraproject.org/archives/list/[email protected]/message/LNU5BUHFOTYUZVHFUSX2VG4S3RCPUEMA/6. http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00028.html7. http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00059.html8. http://www.openwall.com/lists/oss-security/2019/05/16/19. http://www.securityfocus.com/bid/10836010. https://lists.fedoraproject.org/archives/list/[email protected]/message/5O3TPL5OOTIZEI4H6IQBCCISBARJ6WL311. https://lists.fedoraproject.org/archives/list/[email protected]/message/LIHV7DSEVTB5SUPEZ2UXGS3Q6WMEQSO212. https://lists.fedoraproject.org/archives/list/[email protected]/message/LNU5BUHFOTYUZVHFUSX2VG4S3RCPUEMA

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.