vulnerability

SUSE: CVE-2019-3690: SUSE Linux Security Advisory

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:L/AC:L/Au:N/C:C/I:C/A:C)	Dec 6, 2019	Dec 6, 2019	Oct 22, 2021

Severity

CVSS

(AV:L/AC:L/Au:N/C:C/I:C/A:C)

Published

Dec 6, 2019

Added

Dec 6, 2019

Modified

Oct 22, 2021

Description

The chkstat tool in the permissions package followed symlinks before commit a9e1d26cd49ef9ee0c2060c859321128a6dd4230 (please also check the additional hardenings after this fix). This allowed local attackers with control over a path that is traversed by chkstat to escalate privileges.

Solutions

suse-upgrade-permissionssuse-upgrade-permissions-zypp-plugin

References

SUSE-SUSE-SU-2019:14237-1
SUSE-SUSE-SU-2019:3180-1
SUSE-SUSE-SU-2019:3182-1
SUSE-SUSE-SU-2019:3183-1
SUSE-SUSE-SU-2020:1163-1
SUSE-SUSE-SU-2021:2280-1
NVD-CVE-2019-3690

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today