CVE-2019-18901

Published: Mar 2, 2020Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

A UNIX Symbolic Link (Symlink) Following vulnerability in the mysql-systemd-helper of the mariadb packaging of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allows local attackers to change the permissions of arbitrary files to 0640. This issue affects: SUSE Linux Enterprise Server 12 mariadb versions prior to 10.2.31-3.25.1. SUSE Linux Enterprise Server 15 mariadb versions prior to 10.2.31-3.26.1.

Affected (3)

Products: Opensuse: Leap · Suse: Linux Enterprise Server

1 product

1 product

Linux Enterprise Server

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Opensuse Leap	Version 15.1
Suse Linux Enterprise Server	Version 12
Suse Linux Enterprise Server	Version 15

Related CWEs

Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References (4)

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00007.html

Source: meissner@suse.de

Broken LinkMailing ListVendor Advisory

https://bugzilla.suse.com/show_bug.cgi?id=1160895

Source: meissner@suse.de

Issue TrackingVendor Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00007.html

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkMailing ListVendor Advisory

https://bugzilla.suse.com/show_bug.cgi?id=1160895

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

Timeline

No history available yet.