CVE-2019-3805 — Signal Handler Race Condition in Redhat Wildfly

CWE-364 — Signal Handler Race Condition CWE-269 — Improper Privilege Management7 documents5 sources

Severity

4.7MEDIUMNVD

EPSS

0.1%

top 77.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Wildfly RED HAT Wildfly Redhat Jboss Enterprise Application Platform

Timeline

PublishedMay 3

Latest updateMay 24

Description

A flaw was discovered in wildfly versions up to 16.0.0.Final that would allow local users who are able to execute init.d script to terminate arbitrary processes on the system. An attacker could exploit this by modifying the PID file in /var/run/jboss-eap/ allowing the init.d script to terminate any process as root.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.0 | Impact: 3.6

Affected Packages4 packages

▶NVDredhat/wildfly16.0.0

▶CVEListV5redhat/wildflywill not be fixed

▶CVEListV5red_hat/wildflyaffects up to 16.0.0.Final

▶NVDredhat/jboss_enterprise_application_platform6.0.0, 7.0.0+1

🔴Vulnerability Details

GHSA

GHSA-p2vr-qm33-hrfc: A flaw was discovered in wildfly versions up to 16↗2022-05-24

▶

CVEList

CVE-2019-3805: A flaw was discovered in wildfly versions up to 16↗2019-05-03

▶

📋Vendor Advisories

Red Hat

wildfly: JBoss EAP-CD regression of CVE-2019-3805↗2020-07-07

▶

Red Hat

wildfly: Race condition on PID file allows for termination of arbitrary processes by local users↗2019-04-30

▶

💬Community

Bugzilla

CVE-2020-14317 wildfly: JBoss EAP-CD regression of CVE-2019-3805↗2020-07-07

▶

Bugzilla

CVE-2019-3805 wildfly: Race condition on PID file allows for termination of arbitrary processes by local users↗2018-12-18

▶