QwikSec

Security Database

CVE

CWE

Training

CVE-2019-11328

Published: May 14, 2019

Modified: Aug 4, 2024

PUBLISHED

Description

An issue was discovered in Singularity 3.1.0 to 3.2.0-rc2, a malicious user with local/network access to the host system (e.g. ssh) could exploit this vulnerability due to insecure permissions allowing a user to edit files within `/run/singularity/instances/sing/<user>/<instance>`. The manipulation of those files can change the behavior of the starter-suid program when instances are joined resulting in potential privilege escalation on the host.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/sylabs/singularity/releases/tag/v3.2.0

x_refsource_CONFIRM

[oss-security] 20190516 Singularity 3.1.0: CVE-2019-11328: namespace privilege escalation and arbitrary file corruption

mailing-list

x_refsource_MLIST

vdb-entry

x_refsource_BID

FEDORA-2019-da2ed3b0b5

vendor-advisory

x_refsource_FEDORA

FEDORA-2019-9f48c6fedc

vendor-advisory

x_refsource_FEDORA

FEDORA-2019-25ecc42592

vendor-advisory

x_refsource_FEDORA

openSUSE-SU-2019:2288

vendor-advisory

x_refsource_SUSE

openSUSE-SU-2020:1037

vendor-advisory

x_refsource_SUSE

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.