CVE-2019-3692 - OpenCVE

The packaging of inn on SUSE Linux Enterprise Server 11; openSUSE Factory, Leap 15.1 allows local attackers to escalate from user inn to root via symlink attacks. This issue affects: SUSE Linux Enterprise Server 11 inn version 2.4.2-170.21.3.1 and prior versions. openSUSE Factory inn version 2.6.2-2.2 and prior versions. openSUSE Leap 15.1 inn version 2.5.4-lp151.2.47 and prior versions.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Opensuse	Leap Backports Sle Factory
Suse	Linux Enterprise Server Inn

Configuration 1 [-]

AND

cpe:2.3:a:suse:inn:*:*:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:a:suse:inn:*:*:*:*:*:*:*:*

cpe:2.3:a:opensuse:factory:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:a:suse:inn:*:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

Configuration 4 [-]

OR	cpe:2.3:a:opensuse:backports_sle:15.0:sp1::::::
	cpe:2.3:o:opensuse:leap:15.1:::::::*

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00027.html	Broken Link Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00028.html	Broken Link Mailing List Third Party Advisory
https://bugzilla.suse.com/show_bug.cgi?id=1154302	Exploit Issue Tracking Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: suse

Published: 2020-01-24T00:00:00

Updated: 2020-11-20T15:45:08

Reserved: 2019-01-03T00:00:00

Link: CVE-2019-3692

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-01-24T09:15:13.203

Modified: 2022-11-16T03:05:17.800

Link: CVE-2019-3692

JSON object: View

Redhat Information

No data.

CWE

CWE-59

{"containers": {"cna": {"affected": [{"product": "SUSE Linux Enterprise Server 11", "vendor": "SUSE", "versions": [{"lessThanOrEqual": "2.4.2-170.21.3.1", "status": "affected", "version": "inn", "versionType": "custom"}]}, {"product": "Factory", "vendor": "openSUSE", "versions": [{"lessThanOrEqual": "2.6.2-2.2", "status": "affected", "version": "inn", "versionType": "custom"}]}, {"product": "Leap 15.1", "vendor": "openSUSE", "versions": [{"lessThanOrEqual": "2.5.4-lp151.2.47", "status": "affected", "version": "inn", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Johannes Segitz of SUSE"}], "datePublic": "2020-01-24T00:00:00", "descriptions": [{"lang": "en", "value": "The packaging of inn on SUSE Linux Enterprise Server 11; openSUSE Factory, Leap 15.1 allows local attackers to escalate from user inn to root via symlink attacks. This issue affects: SUSE Linux Enterprise Server 11 inn version 2.4.2-170.21.3.1 and prior versions. openSUSE Factory inn version 2.6.2-2.2 and prior versions. openSUSE Leap 15.1 inn version 2.5.4-lp151.2.47 and prior versions."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-59", "description": "CWE-59: Improper Link Resolution Before File Access ('Link Following')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-11-20T15:45:08", "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "shortName": "suse"}, "references": [{"name": "openSUSE-SU-2020:0234", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00027.html"}, {"name": "openSUSE-SU-2020:0242", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00028.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1154302"}], "source": {"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1154302", "defect": ["1154302"], "discovery": "INTERNAL"}, "title": "Local privilege escalation from user news to root in the packaging of inn", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@suse.com", "DATE_PUBLIC": "2020-01-24T00:00:00.000Z", "ID": "CVE-2019-3692", "STATE": "PUBLIC", "TITLE": "Local privilege escalation from user news to root in the packaging of inn"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SUSE Linux Enterprise Server 11", "version": {"version_data": [{"version_affected": "<=", "version_name": "inn", "version_value": "2.4.2-170.21.3.1"}]}}]}, "vendor_name": "SUSE"}, {"product": {"product_data": [{"product_name": "Factory", "version": {"version_data": [{"version_affected": "<=", "version_name": "inn", "version_value": "2.6.2-2.2"}]}}, {"product_name": "Leap 15.1", "version": {"version_data": [{"version_affected": "<=", "version_name": "inn", "version_value": "2.5.4-lp151.2.47"}]}}]}, "vendor_name": "openSUSE"}]}}, "credit": [{"lang": "eng", "value": "Johannes Segitz of SUSE"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The packaging of inn on SUSE Linux Enterprise Server 11; openSUSE Factory, Leap 15.1 allows local attackers to escalate from user inn to root via symlink attacks. This issue affects: SUSE Linux Enterprise Server 11 inn version 2.4.2-170.21.3.1 and prior versions. openSUSE Factory inn version 2.6.2-2.2 and prior versions. openSUSE Leap 15.1 inn version 2.5.4-lp151.2.47 and prior versions."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-59: Improper Link Resolution Before File Access ('Link Following')"}]}]}, "references": {"reference_data": [{"name": "openSUSE-SU-2020:0234", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00027.html"}, {"name": "openSUSE-SU-2020:0242", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00028.html"}, {"name": "https://bugzilla.suse.com/show_bug.cgi?id=1154302", "refsource": "CONFIRM", "url": "https://bugzilla.suse.com/show_bug.cgi?id=1154302"}]}, "source": {"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1154302", "defect": ["1154302"], "discovery": "INTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "assignerShortName": "suse", "cveId": "CVE-2019-3692", "datePublished": "2020-01-24T00:00:00", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2020-11-20T15:45:08", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:suse:inn:*:*:*:*:*:*:*:*", "matchCriteriaId": "181A7096-BBD6-44C8-8D9E-6F941D410D44", "versionEndIncluding": "2.4.2-170.21.3.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:*", "matchCriteriaId": "F13F07CC-739B-465C-9184-0E9D708BD4C7", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:suse:inn:*:*:*:*:*:*:*:*", "matchCriteriaId": "868A4550-1844-4DEE-8EA9-3A0EC6E6C26D", "versionEndIncluding": "2.6.2-2.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:opensuse:factory:-:*:*:*:*:*:*:*", "matchCriteriaId": "E29492E1-43D8-43BF-94E3-26A762A66FAA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:suse:inn:*:*:*:*:*:*:*:*", "matchCriteriaId": "2862580A-E7D3-4B8E-A799-5B46EA7D6722", "versionEndIncluding": "2.5.4-lp151.2.47", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "40513095-7E6E-46B3-B604-C926F1BA3568", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The packaging of inn on SUSE Linux Enterprise Server 11; openSUSE Factory, Leap 15.1 allows local attackers to escalate from user inn to root via symlink attacks. This issue affects: SUSE Linux Enterprise Server 11 inn version 2.4.2-170.21.3.1 and prior versions. openSUSE Factory inn version 2.6.2-2.2 and prior versions. openSUSE Leap 15.1 inn version 2.5.4-lp151.2.47 and prior versions."}, {"lang": "es", "value": "El empaquetado de inn en SUSE Linux Enterprise Server versi\u00f3n 11; openSUSE Factory, Leap versi\u00f3n 15.1, permite a atacantes locales escalar desde un usuario inn a root, mediante ataques de tipo symlink. Este problema afecta a: inn versi\u00f3n 2.4.2-170.21.3.1 y versiones anteriores, de SUSE Linux Enterprise Server versi\u00f3n 11. inn versi\u00f3n 2.6.2-2.2 y versiones anteriores, de openSUSE Factory . inn versi\u00f3n 2.5.4-lp151.2.47 y versiones anteriores de openSUSE Leap versi\u00f3n 15.1."}], "id": "CVE-2019-3692", "lastModified": "2022-11-16T03:05:17.800", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 5.2, "source": "meissner@suse.de", "type": "Secondary"}]}, "published": "2020-01-24T09:15:13.203", "references": [{"source": "meissner@suse.de", "tags": ["Broken Link", "Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00027.html"}, {"source": "meissner@suse.de", "tags": ["Broken Link", "Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00028.html"}, {"source": "meissner@suse.de", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1154302"}], "sourceIdentifier": "meissner@suse.de", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-59"}], "source": "meissner@suse.de", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-59"}], "source": "nvd@nist.gov", "type": "Secondary"}]}