
====================================================================

                             CERT-Renater

                 Information Note No. 2019/VULN105

_____________________________________________________________________

DATE                : 18/04/2019

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Cisco Directory Connector software.

=====================================================================
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-cdc-hijack
_____________________________________________________________________

Cisco Security Advisory: Cisco Directory Connector Search Order
Hijacking Vulnerability

Advisory ID: cisco-sa-20190417-cdc-hijack

Revision: 1.0

For Public Release: 2019 April 17 16:00 GMT

Last Updated: 2019 April 17 16:00 GMT

CVE ID(s): CVE-2019-1794

CVSS Score v(3): 5.1 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N

+---------------------------------------------------------------------

Summary
=======

A vulnerability in the search path processing of Cisco Directory
Connector could allow an authenticated, local attacker to load a binary
of their choosing.

The vulnerability is due to uncontrolled search path elements. An
attacker could exploit this vulnerability by placing a binary of their
choosing earlier in the search path utilized by Cisco Directory
Connector to locate and load required resources.
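
A defensive check for the condition described above, as an added example that is not part of the Cisco or CERT-Renater advisory: it walks an ordered search path and reports every directory consulted before the trusted install directory that already holds a same-named file, does not exist, or is writable by non-owners. The resource name `helper.bin`, the directory layout, the first-match loading model and the POSIX permission-bit test are assumptions; the advisory does not name the affected path or files.

```python
import os
import stat
import tempfile

def audit_search_path(search_path, resource, trusted_dir):
    """Return (resolved, findings) for an ordered, first-match search path.

    `resolved` is the first directory holding `resource`; `findings` lists
    (directory, issue) pairs for directories searched before `trusted_dir`."""
    trusted = os.path.realpath(trusted_dir)
    resolved, findings, before_trusted = None, [], True
    for entry in search_path:
        directory = os.path.realpath(entry)
        if directory == trusted:
            before_trusted = False
        has_copy = os.path.isfile(os.path.join(directory, resource))
        if has_copy and resolved is None:
            resolved = directory
        if not before_trusted:
            continue
        if has_copy:
            findings.append((directory, "shadowing-copy"))
        if not os.path.isdir(directory):
            # A missing entry can be created later by whoever owns its parent.
            findings.append((directory, "missing-directory"))
        elif os.stat(directory).st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            # POSIX mode bits only (assumption); on Windows inspect the ACL.
            findings.append((directory, "writable-by-non-owner"))
    return resolved, findings

def demo():
    """Constructed layout: a loose directory ahead of the install directory."""
    root = tempfile.mkdtemp()
    loose, install = os.path.join(root, "loose"), os.path.join(root, "install")
    for d in (loose, install):
        os.mkdir(d)
        with open(os.path.join(d, "helper.bin"), "w") as fh:  # hypothetical name
            fh.write("placeholder")
    os.chmod(loose, 0o777)    # constructed: any local user may add files here
    os.chmod(install, 0o755)
    missing = os.path.join(root, "gone")  # constructed: entry that does not exist
    resolved, findings = audit_search_path([missing, loose, install], "helper.bin", install)
    return resolved, findings, os.path.realpath(loose)

if __name__ == "__main__":
    resolved, findings, _ = demo()
    print("first-match loader would pick:", resolved)
    for directory, issue in findings:
        print(issue, directory)
```

Any finding means the trusted copy can be, or already is, pre-empted by a file earlier in the search order.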

There are workarounds that address this vulnerability.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-cdc-hijack


=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44            +
+ 23/25 Rue Daviel    | fax : 01-53-94-20-41            +
+ 75013 Paris         | email:cert@support.renater.fr   +
=========================================================



