CVE-2019-17445 | Linux Agents vulnerability via Symbolic Link Following
Discovered and reported by: Rich Mirch, State Farm Red Team
An issue was discovered in Eracent EDA, EPA, EPM, EUA, FLW, and SUM Agent through 10.2.26. The agent executable, when installed for non-root operations (scanning), can be forced to copy files from the filesystem to other locations via Symbolic Link Following. An attacker who successfully exploited this vulnerability could lead to file content exposure, corruption or denial-of-service.
To exploit this vulnerability, an attacker would need use local login to non-privileged account on the Linux system with affected agent version installed for non-root operations.
This vulnerability applies specifically to Linux agents running in non-root mode only.
The update addresses the vulnerability by correcting how the agent upon startup sets its current working directory to the path where it is installed.