EUVD-2019-13325

Malware in sbrugna...

EUVD-2020-28926

Malware in sbrugna...

EUVD-2005-3320

Malware in sbrugna...

OPENSUSE-SU-2024:12335-1 chkstat-1599_20220912-1.1 on GA media

These are all security issues fixed in the chkstat-159920220912-1.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2024:11165-1 chkstat-1550_20210901-29.2 on GA media

These are all security issues fixed in the chkstat-155020210901-29.2 package on the GA media of openSUSE Tumbleweed...

SUSE CVE-2019-3690

The chkstat tool in the permissions package followed symlinks before commit a9e1d26cd49ef9ee0c2060c859321128a6dd4230 please also check the additional hardenings after this fix. This allowed local attackers with control over a path that is traversed by chkstat to escalate privileges...

SUSE CVE-2020-8013

A UNIX Symbolic Link Symlink Following vulnerability in chkstat of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 11 set permissions intended for specific binaries on other binaries because it erroneously followed symlinks. The symlinks can't be...

SUSE CVE-2022-31252

A Incorrect Authorization vulnerability in chkstat of SUSE Linux Enterprise Server 12-SP5; openSUSE Leap 15.3, openSUSE Leap 15.4, openSUSE Leap Micro 5.2 did not consider group writable path components, allowing local attackers with access to a group what can write to a location included in the...

CVE-2022-31252

A Incorrect Authorization vulnerability in chkstat of SUSE Linux Enterprise Server 12-SP5; openSUSE Leap 15.3, openSUSE Leap 15.4, openSUSE Leap Micro 5.2 did not consider group writable path components, allowing local attackers with access to a group what can write to a location included in the...

CVE-2022-31252 permissions: chkstat does not check for group-writable parent directories or target files in safeOpen()

A Incorrect Authorization vulnerability in chkstat of SUSE Linux Enterprise Server 12-SP5; openSUSE Leap 15.3, openSUSE Leap 15.4, openSUSE Leap Micro 5.2 did not consider group writable path components, allowing local attackers with access to a group what can write to a location included in the...

CVE-2022-31252

CVE-2022-31252 describes an Incorrect Authorization in chkstat where group-writable path components aren’t checked, allowing local attackers with group write access to influence path resolution for a privileged binary. Affected: SLES 12-SP5 (permissions versions prior to 20170707); openSUSE Leap ...

SUSE SLES12 Security Update : permissions (SUSE-SU-2022:3382-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:3382-1 advisory. - A Incorrect Authorization vulnerability in chkstat of SUSE Linux Enterprise Server 12-SP5; openSUSE Leap 15.3, openSUSE Leap 15.4, openSUS...

SUSE SLED15 / SLES15 Security Update : permissions (SUSE-SU-2022:3394-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:3394-1 advisory. - A Incorrect Authorization vulnerability in chkstat of SUSE Linux Enterprise Server 12-SP5; openSUSE Leap 15.3, openSU...

SUSE-SU-2022:3382-1 Security update for permissions

This update for permissions fixes the following issues: - CVE-2022-31252: Fixed chkstat group controlled paths bsc1203018. - Add capability for prometheus-blackboxexporter bsc1191194. - Make btmp root:utmp bsc1050467...

SUSE SLED15 / SLES15 Security Update : permissions (SUSE-SU-2022:3353-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:3353-1 advisory. - A Incorrect Authorization vulnerability in chkstat of SUSE Linux Enterprise Server 12-SP5; openSUSE Leap 15.3, openSU...

openSUSE 安全漏洞

openSUSE is a set of Linux-based free operating systems and open source community projects from SUSE Germany. A security vulnerability exists in openSUSE. An attacker can exploit this vulnerability to bypass SUSE privileged access restrictions via chkstat to read or change files...

Security update for permissions (moderate)

openSUSE Security Update: Security update for permissions Announcement ID: openSUSE-SU-2022:10128-1 Rating: moderate References: 1203018 Cross-References: CVE-2022-31252 CVSS scores: CVE-2022-31252 SUSE: 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: openSUSE Leap 15.3 An...

openSUSE 15 Security Update : permissions (openSUSE-SU-2022:10128-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2022:10128-1 advisory. - A Incorrect Authorization vulnerability in chkstat of SUSE Linux Enterprise Server 12-SP5; openSUSE Leap 15.3, openSUSE Leap 15.4, openSUSE Leap...

CVE-2022-31252

A Incorrect Authorization vulnerability in chkstat of SUSE Linux Enterprise Server 12-SP5; openSUSE Leap 15.3, openSUSE Leap 15.4, openSUSE Leap Micro 5.2 did not consider group writable path components, allowing local attackers with access to a group what can write to a location included in the...

openSUSE 15 Security Update : permissions (openSUSE-SU-2021:1520-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1520-1 advisory. - The permission package in SUSE Linux Enterprise Server allowed all local users to run dumpcap in the easy permission profile and sniff...