The software for interacting between Linux and FreeBSD virtual machines with the Azure Windows Azure Linux Agent is vulnerable due to incorrect permission assignments for download files. This allows an intruder to gain unauthorized access to sensitive information.

🗓️ 25 Apr 2019 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 2 Views

Linux FreeBSD integration with the Azure Linux Agent has improper download file permissions, risking unauthorized access.

Reporter	Title	Published	Views	Family All 64
Tenable Nessus	Alibaba Cloud Linux 3 : 0072: WALinuxAgent (ALINUX3-SA-2022:0072)	14 May 202500:00	–	nessus
Tenable Nessus	CentOS 8 : WALinuxAgent (CESA-2019:1527)	29 Jan 202100:00	–	nessus
Tenable Nessus	Debian DLA-1709-1 : waagent security update	14 Mar 201900:00	–	nessus
Tenable Nessus	Debian DSA-4406-1 : waagent - security update	13 Mar 201900:00	–	nessus
Tenable Nessus	Fedora 30 : WALinuxAgent (2019-9effd63191)	2 May 201900:00	–	nessus
Tenable Nessus	openSUSE Security Update : python-azure-agent (openSUSE-2019-1106)	3 Apr 201900:00	–	nessus
Tenable Nessus	openSUSE Security Update : python-azure-agent (openSUSE-2020-261)	2 Mar 202000:00	–	nessus
Tenable Nessus	Oracle Linux 8 : WALinuxAgent (ELSA-2019-1527)	12 Aug 201900:00	–	nessus
Tenable Nessus	Photon OS 2.0: Walinuxagent PHSA-2020-2.0-0271	15 Aug 202000:00	–	nessus
Tenable Nessus	Photon OS 3.0: Walinuxagent PHSA-2020-3.0-0090	18 May 202000:00	–	nessus

Vulners

Node

microsoft windows_azure_linux_agentRange<2.2.38

Source	Link
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
access	www.access.redhat.com/security/cve/cve-2019-0804
security-tracker	www.security-tracker.debian.org/tracker/CVE-2019-0804
web	www.web.nvd.nist.gov/view/vuln/detail

23 Mar 2021 00:00Current

6.2Medium risk

Vulners AI Score6.2

CVSS 24

CVSS 35

EPSS0.03688

linux freebsd integration azure linux agent download file permissions unauthorized access risk