CVE-2018-19636

Published: Mar 5, 2019Modified: Nov 21, 2024

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Supportutils, before version 3.1-5.7.1, when run with command line argument -A searched the file system for a ndspath binary. If an attacker provides one at an arbitrary location it is executed with root privileges

Affected (1)

Products: Opensuse: Supportutils

Opensuse

1 product

Supportutils

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Opensuse Supportutils	Before 3.1-5.7.1

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-306

Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (4)

http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00018.html

Source: security@opentext.com

https://bugzilla.suse.com/show_bug.cgi?id=1117751

Source: security@opentext.com

http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00018.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.suse.com/show_bug.cgi?id=1117751

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.