Lucene search

K
cve[email protected]CVE-2019-3688
HistoryOct 07, 2019 - 2:15 p.m.

CVE-2019-3688

2019-10-0714:15:11
CWE-276
web.nvd.nist.gov
130
4
cve-2019-3688
suse linux enterprise server
permission escalation
binary vulnerability
security
nvd

6.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:C/A:C

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

7.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.6%

The /usr/sbin/pinger binary packaged with squid in SUSE Linux Enterprise Server 15 before and including version 4.8-5.8.1 and in SUSE Linux Enterprise Server 12 before and including 3.5.21-26.17.1 had squid:root, 0750 permissions. This allowed an attacker that compromissed the squid user to gain persistence by changing the binary

Affected configurations

NVD
Node
susesuse_linux_enterprise_serverMatch12sp1ltss
OR
susesuse_linux_enterprise_serverMatch12sp2ltss
OR
susesuse_linux_enterprise_serverMatch12sp3ltss
OR
susesuse_linux_enterprise_serverMatch15-
OR
susesuse_linux_enterprise_serverMatch15sp1

CNA Affected

[
  {
    "product": "SUSE Linux Enterprise Server 15",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThanOrEqual": "4.8-5.8.1",
        "status": "affected",
        "version": "squid",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "SUSE Linux Enterprise Server 12",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThanOrEqual": "3.5.21-26.17.1",
        "status": "affected",
        "version": "squid",
        "versionType": "custom"
      }
    ]
  }
]

Social References

More

6.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:C/A:C

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

7.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.6%