VYPR
Moderate severity · NVD Advisory · Published Aug 16, 2019 · Updated Aug 5, 2024

CVE-2019-15119

Description

lib/install/install.go in cnlh nps through 0.23.2 uses 0777 permissions for /usr/local/bin/nps and/or /usr/bin/nps, leading to a file overwrite by a local user.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

CVE-2019-15119: nps proxy server up to 0.23.2 installs the binary with world-writable permissions, allowing local users to overwrite it and escalate privileges.

A local privilege escalation vulnerability exists in the cnlh/nps intranet penetration proxy server, affecting versions up to 0.23.2. The root cause is in the lib/install/install.go file, where after copying the binary to /usr/local/bin/nps or /usr/bin/nps, the permissions are explicitly set to 0777 via os.Chmod [1][3]. This makes the binary world-writable, violating the principle of least privilege.

The attack vector is strictly local. An unprivileged user on the system can simply overwrite the nps binary file with a malicious executable because the file permissions allow write access for everyone. No authentication or special privileges are required beyond having a local user account on the machine where nps is installed [3].

An attacker who replaces the nps binary can then wait for any privileged user (such as root or a user with sudo rights) to execute the modified binary. Upon execution, the attacker's payload runs with the privileges of the invoking user, thus achieving privilege escalation and potentially full system compromise [3].

The issue has been fixed in commit 7178b3380720e910d283036a8d39879a94105515, which changes the permissions from 0777 to 0755 [4]. Users should update to a version containing this fix or apply the patch manually. No workaround is documented other than ensuring the binary's permissions are manually corrected after installation.

AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
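
The manual permission correction mentioned above, as an added example rather than code from the nps project: a small Go check for the two install paths named in the advisory that reports a group- or world-writable binary and, when run with `-fix`, resets it to 0755. The function name `auditMode` and the `-fix` argument are assumptions made for this example.

```go
// Added example, not nps project code: audit the install paths from CVE-2019-15119.
package main

import (
	"fmt"
	"os"
)

// npsPaths are the two install locations named in the advisory.
var npsPaths = []string{"/usr/local/bin/nps", "/usr/bin/nps"}

// auditMode reports whether path is writable by group or others. With fix set,
// it resets such a file to 0755, the mode used by the upstream fix commit.
// (auditMode and the -fix argument are names assumed for this example.)
func auditMode(path string, fix bool) (bool, error) {
	info, err := os.Lstat(path) // Lstat: never follow a symlink placed at the path
	if err != nil {
		return false, err
	}
	if !info.Mode().IsRegular() {
		return false, fmt.Errorf("%s: not a regular file (mode %v)", path, info.Mode())
	}
	writable := info.Mode().Perm()&0022 != 0 // group-write or other-write bit set
	if writable && fix {
		if err := os.Chmod(path, 0755); err != nil {
			return true, err
		}
	}
	return writable, nil
}

func main() {
	fix := len(os.Args) > 1 && os.Args[1] == "-fix"
	for _, p := range npsPaths {
		writable, err := auditMode(p, fix)
		switch {
		case os.IsNotExist(err):
			continue // nps is not installed at this path
		case err != nil:
			fmt.Fprintln(os.Stderr, "error:", err)
		case writable:
			fmt.Printf("%s was group/world-writable, fixed=%v\n", p, fix)
		default:
			fmt.Println(p, "ok")
		}
	}
}
```

A binary that was ever found writable by other users may already have been replaced, so reinstall it from a trusted release rather than relying on the mode change alone.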

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
|---|---|---|
| ehang.io/nps (Go) | < 0.23.2 | 0.23.2 |

Patches

7178b3380720

Change to 755, fixes #176

https://github.com/cnlh/nps · ffdfgdfg · Aug 16, 2019 · via ghsa
1 file changed · +2 -2
  • lib/install/install.go · +2 -2 · modified
    @@ -33,11 +33,11 @@ func InstallNps() {
     			if _, err := copyFile(filepath.Join(common.GetAppPath(), "nps"), "/usr/local/bin/nps"); err != nil {
     				log.Fatalln(err)
     			} else {
    -				os.Chmod("/usr/local/bin/nps", 0777)
    +				os.Chmod("/usr/local/bin/nps", 0755)
     				log.Println("Executable files have been copied to", "/usr/local/bin/nps")
     			}
     		} else {
    -			os.Chmod("/usr/bin/nps", 0777)
    +			os.Chmod("/usr/bin/nps", 0755)
     			log.Println("Executable files have been copied to", "/usr/bin/nps")
     		}
     
    
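
Review bot: the return value of os.Chmod is still discarded at both changed lines (the /usr/local/bin/nps branch and the /usr/bin/nps branch), so a failed chmod leaves the binary at whatever mode it already had, possibly the 0777 set by the removed lines on an earlier install, while the log.Println that follows still reports success. Handle the error the way the copyFile call just above does, for example `if err := os.Chmod("/usr/local/bin/nps", 0755); err != nil { log.Fatalln(err) }`, and the same for /usr/bin/nps. Each path is also repeated as a string literal in the chmod and log calls; binding it to a variable once would keep the mode change and the message from drifting apart.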
