CVE-2019-19455

[Suggested Description]
---------------------------------------
A local privilege escalation was found in the Linux Version of the server.
A user can write arbitrary commands in any file that can be executed as root.
---------------------------------------
[Vulnerability Type]
Privilege Escalation
---------------------------------------
[Vendor of Product]
Wowza Media Systems LLC
---------------------------------------
[Affected Product Code Base]
Wowza Streaming Engine - Versions prior to 4.8.5, Issue fixed in 4.8.5
---------------------------------------
[Affected Component]
Wowza Streaming Engine
---------------------------------------
[Attack Type]
Local
---------------------------------------
[Impact Code Execution]
true
---------------------------------------
[Impact Denial of Service]
false
---------------------------------------
[Attack Vector]
The installer sets relaxed permissions on core program files by default.
A user can write arbitrary commands in every file in
/usr/local/WowzaStreamingEngine/manager/bin/ since they are writable by
anyone and executed at boot or stop of the server as root.
---------------------------------------
[Has the vendor confirmed or acknowledged the vulnerability?]
true