A flaw was found in libqb. Insecure handling of temporary files could be exploited by a local attacker to overwrite privileged system files.
Created libqb tracking bugs for this issue:
Affects: fedora-all [bug 1695949]
v1.0.4 has been released upstream to fix these issues.
Has a CVE been assigned for this flaw, yet?
FTR, v1.0.4 could technically solve the problem, but we don't want
to advertise that version anywhere, for being botched, rendering its
prime use case (cluster stack) unusable -- subsequent v1.0.5 fixes that:
The problem basically lies in how temporary files are handled by libqb.
1. Predictable file names are used in the world-writable directories, namely /dev/shm and /tmp.
2. The O_EXCL flag is not used when creating temp files.
This could be exploited by a local attacker to overwrite privileged system files (if not restricted by sandboxing, MAC or symlinking policies).
The most likely attack scenario is when a privileged program linked against libqb uses temp files. Due to the race condition, it is possible that the attacker could overwrite arbitrary system files.
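Added example, not part of the bug report and not libqb's code: a self-contained C program that shows why the missing O_EXCL matters and what the exclusive-create form does instead. The function names, the file names and the scratch directory are hypothetical; everything runs inside a private directory created with mkdtemp(), on constructed data.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak pattern from the description: predictable name, no O_EXCL. */
static int open_weak(const char *path) {
    return open(path, O_RDWR | O_CREAT | O_TRUNC, 0600);
}

/* Hardened: O_CREAT|O_EXCL fails with EEXIST if anything, including a
 * symlink, already sits at the path; O_NOFOLLOW is defence in depth. */
static int open_excl(const char *path) {
    return open(path, O_RDWR | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, 0600);
}

/* Constructed scenario in a private scratch directory: a "victim" file and
 * a symlink to it already placed at the predictable name. Opens that name
 * with `opener` and returns the victim's size afterwards (0 = truncated),
 * or -1 if setup failed. *open_errno receives the opener's errno (0 = ok). */
static long victim_size_after(int (*opener)(const char *), int *open_errno) {
    char dir[] = "/tmp/qb-demo-XXXXXX", victim[64], name[64];
    struct stat st;
    FILE *f;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(name, sizeof name, "%s/fixed-name.tmp", dir);
    if (!(f = fopen(victim, "w"))) return -1;
    fputs("important data\n", f);          /* 15 bytes of sample content */
    fclose(f);
    if (symlink(victim, name) != 0) return -1;
    int fd = opener(name);
    *open_errno = (fd < 0) ? errno : 0;
    if (fd >= 0) close(fd);
    long size = (stat(victim, &st) == 0) ? (long)st.st_size : -1;
    unlink(name); unlink(victim); rmdir(dir);
    return size;
}

int main(void) {
    int e;
    long n = victim_size_after(open_weak, &e);
    printf("no O_EXCL: victim is %ld bytes (open errno %d)\n", n, e);
    n = victim_size_after(open_excl, &e);
    printf("O_EXCL:    victim is %ld bytes (open errno %d)\n", n, e);
    return 0;
}
```

For files whose name does not need to be fixed, mkstemp() gives both an unpredictable name and exclusive creation in one call.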
Re [comment 6]: as instructed, asked for a CVE from MITRE.
Will report back here.
This has been assigned CVE-2019-12779.