History: Mar 03, 2020 - 11:15 a.m.

CVE-2019-3695

2020-03-03 11:15:11
CWE-94
web.nvd.nist.gov
cve-2019-3695
suse linux enterprise
opensuse leap
code generation vulnerability
root access vulnerability

CVSS2: 7.2 High
Attack Vector: LOCAL
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3: 8.4 High
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 7.4 High
Confidence: High

EPSS: 0.001 Low
Percentile: 20.4%

An Improper Control of Generation of Code vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Development Tools 15-SP1, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows the user pcp to run code as root by placing it into /var/log/pcp/configs.sh.

This issue affects:
SUSE Linux Enterprise High Performance Computing 15-ESPOS pcp versions prior to 3.11.9-5.8.1.
SUSE Linux Enterprise High Performance Computing 15-LTSS pcp versions prior to 3.11.9-5.8.1.
SUSE Linux Enterprise Module for Development Tools 15 pcp versions prior to 3.11.9-5.8.1.
SUSE Linux Enterprise Module for Development Tools 15-SP1 pcp versions prior to 4.3.1-3.5.3.
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 pcp versions prior to 3.11.9-5.8.1.
SUSE Linux Enterprise Server 15-LTSS pcp versions prior to 3.11.9-5.8.1.
SUSE Linux Enterprise Server for SAP 15 pcp versions prior to 3.11.9-5.8.1.
SUSE Linux Enterprise Software Development Kit 12-SP4 pcp versions prior to 3.11.9-6.14.1.
SUSE Linux Enterprise Software Development Kit 12-SP5 pcp versions prior to 3.11.9-6.14.1.
openSUSE Leap 15.1 pcp versions prior to 4.3.1-lp151.2.3.1.

Affected configurations

NVD
Node
opensuse pcp Range <3.11.9-5.8.1
AND
suse linux_enterprise_high_performance_computing Match 15.0 espos
OR
suse linux_enterprise_high_performance_computing Match 15.0 ltss
OR
suse linux_enterprise_server Match 15
OR
suse linux_enterprise_server Match 15 ltss
OR
suse linux_enterprise_server Match 15 sap

Node
opensuse pcp Range <4.3.1-3.5.3
AND
suse linux_enterprise_server Match 15 sp1

Node
opensuse pcp Range <3.11.9-6.14.1
AND
suse linux_enterprise_software_development_kit Match 12 sp4
OR
suse linux_enterprise_software_development_kit Match 12 sp5

Node
opensuse pcp Range <4.3.1-lp151.2.3.1
AND
opensuse leap Match 15.1

CPE | Name | Operator | Version
opensuse:pcp | opensuse pcp | lt | 3.11.9-5.8.1

CNA Affected

[
  {
    "product": "SUSE Linux Enterprise High Performance Computing 15-ESPOS",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "3.11.9-5.8.1",
        "status": "affected",
        "version": "pcp",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "SUSE Linux Enterprise High Performance Computing 15-LTSS",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "3.11.9-5.8.1",
        "status": "affected",
        "version": "pcp",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "SUSE Linux Enterprise Module for Development Tools 15",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "3.11.9-5.8.1",
        "status": "affected",
        "version": "pcp",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "SUSE Linux Enterprise Module for Development Tools 15-SP1",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "4.3.1-3.5.3",
        "status": "affected",
        "version": "pcp",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "SUSE Linux Enterprise Module for Open Buildservice Development Tools 15",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "3.11.9-5.8.1",
        "status": "affected",
        "version": "pcp",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "SUSE Linux Enterprise Server 15-LTSS",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "3.11.9-5.8.1",
        "status": "affected",
        "version": "pcp",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "SUSE Linux Enterprise Server for SAP 15",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "3.11.9-5.8.1",
        "status": "affected",
        "version": "pcp",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "SUSE Linux Enterprise Software Development Kit 12-SP4",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "3.11.9-6.14.1",
        "status": "affected",
        "version": "pcp",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "SUSE Linux Enterprise Software Development Kit 12-SP5",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "3.11.9-6.14.1",
        "status": "affected",
        "version": "pcp",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "openSUSE Leap 15.1",
    "vendor": "openSUSE",
    "versions": [
      {
        "lessThan": "4.3.1-lp151.2.3.1",
        "status": "affected",
        "version": "pcp",
        "versionType": "custom"
      }
    ]
  }
]
