CVE-2019-17446 | Linux EPA Agent vulnerability via Untrusted Search Path.
Security Vulnerability
Published: 10/10/2019
MITRE CVE-2019-17446
Discovered and reported by: Christopher Schneider, State Farm Penetration Test Team
An issue was discovered in Eracent EPA Agent through 10.2.26. The agent executable, when installed for non-root operations (scanning),
can be used to start external programs with elevated permissions because of an Untrusted Search Path. An attacker who successfully exploited this vulnerability could lead to file content exposure, corruption or denial-of-service. To exploit this vulnerability, an attacker would need use local login to non-privileged account on the Linux system with affected agent version installed for non-root operations. This vulnerability applies specifically to Linux agents running in non-root mode only.
The update addresses the vulnerability by correcting how the agent upon startup resets the PATH variable to a value configured in /etc/environment or (when not configured) to a hardcoded value.
