#VU22333 Permissions, Privileges, and Access Controls in SUSE Linux - CVE-2019-3689

Cybersecurity Help s.r.o.

Published: 2019-10-29

Vulnerability identifier: #VU22333

Vulnerability risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-3689

CWE-ID: CWE-264

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
SUSE Linux
Operating systems & Components / Operating system

Vendor: SUSE

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insecure permissions on the " /var/lib/nfs" directory owned by statd:nogroup in the nfs-utils package in SUSE Linux Enterprise Server 12 before and including version 1.3.0-34.18.1 and in SUSE Linux Enterprise Server 15 before and including version 2.1.1-6.10.2. This directory contains files owned and managed by root. If statd is compromised, it can therefore trick processes running with root privileges into creating/overwriting files anywhere on the system.

Successful exploitation of the vulnerability may allow a local user to escalate privileges on the system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

SUSE Linux: 15

External links
https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00071.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Dell EMC Data Protection Search

OpenSUSE Linux update for nfs-utils

Privilege escalation in nfs-utils package in openSUSE