|Impact||The vulnerability enables local users to elevate privileges to root. Users can perform this action by executing malicious payload with Nipper executable files.|
|Reported||8 September 2019|
|Reported by||Guy Levin (@va_start)|
|Fixed||26 November 2019|
|Affected Builds||- Builds till 124078
- 124081 to 124098
|Fixed in||Builds 124079 and 124099|
|Overview||Incorrect file permissions on the packaged Nipper executable file.|
|Recommended Fix||For builds till 124078: Upgrade to OpUtils Version 12.4.079 or above.
For builds 124081 to 124098: Contact our support team or email us at firstname.lastname@example.org
A user detected incorrect file permissions on the packaged Nipper executable file in which allowed local users to elevate privileges to root by overwriting this file with a malicious payload.
We recommend that you upgrade to OpUtils version 12.4.079 and above to fix this issue.
Source and Acknowledgements
Find out more about CVE-2019-17421 from the CVE dictionary.