Keybase CVE-2019-7249 Local Privilege Escalation Vulnerability
BID:106824
CVE-2019-7249 |Info
Keybase CVE-2019-7249 Local Privilege Escalation Vulnerability
| Bugtraq ID: | 106824 |
| Class: | Access Validation Error |
| CVE: |
CVE-2019-7249 |
| Remote: | No |
| Local: | Yes |
| Published: | Jan 30 2019 12:00AM |
| Updated: | Jan 30 2019 12:00AM |
| Credit: | Rich Mirch, 0xCCCC, Jan Votava, jinmo123 and Nicolas Trippar. |
| Vulnerable: |
Keybase Keybase 2.10.1 Keybase Keybase 2.10 Keybase Keybase 2.9 Keybase Keybase 2.8 Keybase Keybase 2.7.3 Keybase Keybase 2.7.2 Keybase Keybase 2.6.2 |
| Not Vulnerable: |
Keybase Keybase 2.12.6 Keybase Keybase 2.13 |
Discussion
Keybase CVE-2019-7249 Local Privilege Escalation Vulnerability
Keybase is prone to a local privilege-escalation vulnerability.
An attackers may exploit this issue to gain elevated privileges.
Versions prior to Keybase 2.12.6 are vulnerable.
Keybase is prone to a local privilege-escalation vulnerability.
An attackers may exploit this issue to gain elevated privileges.
Versions prior to Keybase 2.12.6 are vulnerable.
Exploit / POC
Keybase CVE-2019-7249 Local Privilege Escalation Vulnerability
The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.
The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.
Solution / Fix
Keybase CVE-2019-7249 Local Privilege Escalation Vulnerability
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
Keybase CVE-2019-7249 Local Privilege Escalation Vulnerability
References:
References:
- Keybase Github Releases (Github)
- Keybase Github Repository (Github)
- macOS privilege escalation via keybase install (HackerOne)
- Local Privilege Escalation in MacOS via Keybase Helper (KB004) (Keybase)