CVE-2019-3693 - OpenCVE

A symlink following vulnerability in the packaging of mailman in SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Server 12; openSUSE Leap 15.1 allowed local attackers to escalate their privileges from user wwwrun to root. Additionally arbitrary files could be changed to group mailman. This issue affects: SUSE Linux Enterprise Server 11 mailman versions prior to 2.1.15-9.6.15.1. SUSE Linux Enterprise Server 12 mailman versions prior to 2.1.17-3.11.1. openSUSE Leap 15.1 mailman version 2.1.29-lp151.2.14 and prior versions.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Suse	Linux Enterprise Server Mailman
Opensuse	Leap Backports Sle

Configuration 1 [-]

AND

cpe:2.3:a:suse:mailman:*:*:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:a:suse:mailman:*:*:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:a:suse:mailman:*:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

Configuration 4 [-]

cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00059.html	Mailing List Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00000.html	Mailing List Third Party Advisory
https://bugzilla.suse.com/show_bug.cgi?id=1154328	Issue Tracking Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: suse

Published: 2019-11-26T00:00:00

Updated: 2020-11-20T15:45:08

Reserved: 2019-01-03T00:00:00

Link: CVE-2019-3693

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-01-24T10:15:12.053

Modified: 2022-11-10T04:42:16.440

Link: CVE-2019-3693

JSON object: View

Redhat Information

No data.

CWE

CWE-59

{"containers": {"cna": {"affected": [{"product": "SUSE Linux Enterprise Server 11", "vendor": "SUSE", "versions": [{"lessThan": "2.1.15-9.6.15.1", "status": "affected", "version": "mailman", "versionType": "custom"}]}, {"product": "SUSE Linux Enterprise Server 12", "vendor": "SUSE", "versions": [{"lessThan": "2.1.17-3.11.1", "status": "affected", "version": "mailman", "versionType": "custom"}]}, {"product": "Leap 15.1", "vendor": "openSUSE", "versions": [{"lessThanOrEqual": "2.1.29-lp151.2.14", "status": "affected", "version": "mailman", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Johannes Segitz of SUSE"}], "datePublic": "2019-11-26T00:00:00", "descriptions": [{"lang": "en", "value": "A symlink following vulnerability in the packaging of mailman in SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Server 12; openSUSE Leap 15.1 allowed local attackers to escalate their privileges from user wwwrun to root. Additionally arbitrary files could be changed to group mailman. This issue affects: SUSE Linux Enterprise Server 11 mailman versions prior to 2.1.15-9.6.15.1. SUSE Linux Enterprise Server 12 mailman versions prior to 2.1.17-3.11.1. openSUSE Leap 15.1 mailman version 2.1.29-lp151.2.14 and prior versions."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-59", "description": "CWE-59: Improper Link Resolution Before File Access ('Link Following')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-11-20T15:45:08", "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "shortName": "suse"}, "references": [{"name": "openSUSE-SU-2020:0148", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00059.html"}, {"name": "openSUSE-SU-2020:0156", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00000.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1154328"}], "source": {"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1154328", "defect": ["1154328"], "discovery": "INTERNAL"}, "title": "Local privilege escalation from user wwwrun to root in the packaging of mailman", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@suse.com", "DATE_PUBLIC": "2019-11-26T00:00:00.000Z", "ID": "CVE-2019-3693", "STATE": "PUBLIC", "TITLE": "Local privilege escalation from user wwwrun to root in the packaging of mailman"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SUSE Linux Enterprise Server 11", "version": {"version_data": [{"version_affected": "<", "version_name": "mailman", "version_value": "2.1.15-9.6.15.1"}]}}, {"product_name": "SUSE Linux Enterprise Server 12", "version": {"version_data": [{"version_affected": "<", "version_name": "mailman", "version_value": "2.1.17-3.11.1"}]}}]}, "vendor_name": "SUSE"}, {"product": {"product_data": [{"product_name": "Leap 15.1", "version": {"version_data": [{"version_affected": "<=", "version_name": "mailman", "version_value": "2.1.29-lp151.2.14"}]}}]}, "vendor_name": "openSUSE"}]}}, "credit": [{"lang": "eng", "value": "Johannes Segitz of SUSE"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A symlink following vulnerability in the packaging of mailman in SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Server 12; openSUSE Leap 15.1 allowed local attackers to escalate their privileges from user wwwrun to root. Additionally arbitrary files could be changed to group mailman. This issue affects: SUSE Linux Enterprise Server 11 mailman versions prior to 2.1.15-9.6.15.1. SUSE Linux Enterprise Server 12 mailman versions prior to 2.1.17-3.11.1. openSUSE Leap 15.1 mailman version 2.1.29-lp151.2.14 and prior versions."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-59: Improper Link Resolution Before File Access ('Link Following')"}]}]}, "references": {"reference_data": [{"name": "openSUSE-SU-2020:0148", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00059.html"}, {"name": "openSUSE-SU-2020:0156", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00000.html"}, {"name": "https://bugzilla.suse.com/show_bug.cgi?id=1154328", "refsource": "CONFIRM", "url": "https://bugzilla.suse.com/show_bug.cgi?id=1154328"}]}, "source": {"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1154328", "defect": ["1154328"], "discovery": "INTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "assignerShortName": "suse", "cveId": "CVE-2019-3693", "datePublished": "2019-11-26T00:00:00", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2020-11-20T15:45:08", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:suse:mailman:*:*:*:*:*:*:*:*", "matchCriteriaId": "F4378052-91CF-47E4-8600-F3FAF2A6A2C0", "versionEndExcluding": "2.1.15-9.6.15.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:*", "matchCriteriaId": "F13F07CC-739B-465C-9184-0E9D708BD4C7", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:suse:mailman:*:*:*:*:*:*:*:*", "matchCriteriaId": "1C31B658-2EE8-4DCF-9D52-5BD03110B7A5", "versionEndExcluding": "2.1.17-3.11.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*", "matchCriteriaId": "15FC9014-BD85-4382-9D04-C0703E901D7A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:suse:mailman:*:*:*:*:*:*:*:*", "matchCriteriaId": "39D76848-1031-46B9-B1EF-7BC3EB3B6597", "versionEndIncluding": "2.1.29-lp151.2.14", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "40513095-7E6E-46B3-B604-C926F1BA3568", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A symlink following vulnerability in the packaging of mailman in SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Server 12; openSUSE Leap 15.1 allowed local attackers to escalate their privileges from user wwwrun to root. Additionally arbitrary files could be changed to group mailman. This issue affects: SUSE Linux Enterprise Server 11 mailman versions prior to 2.1.15-9.6.15.1. SUSE Linux Enterprise Server 12 mailman versions prior to 2.1.17-3.11.1. openSUSE Leap 15.1 mailman version 2.1.29-lp151.2.14 and prior versions."}, {"lang": "es", "value": "Una vulnerabilidad de tipo symlink following en el empaquetado de mailman en SUSE Linux Enterprise Server versi\u00f3n 11, SUSE Linux Enterprise Server versi\u00f3n 12; openSUSE Leap versi\u00f3n 15.1, permiti\u00f3 a atacantes locales escalar sus privilegios desde un usuario wwwrun a root. Adicionalmente, los archivos arbitrarios pueden ser cambiados a mailman de grupo. Este problema afecta a: mailman versiones anteriores a 2.1.15-9.6.15.1 de SUSE Linux Enterprise Server versi\u00f3n 11. mailman versiones anteriores a 2.1.17-3.11.1 de SUSE Linux Enterprise Server versi\u00f3n 12. mailman versi\u00f3n 2.1.29-lp151.2.14 y versiones anteriores, de openSUSE Leap versi\u00f3n 15.1."}], "id": "CVE-2019-3693", "lastModified": "2022-11-10T04:42:16.440", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 5.2, "source": "meissner@suse.de", "type": "Secondary"}]}, "published": "2020-01-24T10:15:12.053", "references": [{"source": "meissner@suse.de", "tags": ["Mailing List", "Vendor Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00059.html"}, {"source": "meissner@suse.de", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00000.html"}, {"source": "meissner@suse.de", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1154328"}], "sourceIdentifier": "meissner@suse.de", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-59"}], "source": "meissner@suse.de", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-59"}], "source": "nvd@nist.gov", "type": "Secondary"}]}