CVE-2019-3687

Published: Jan 24, 2020Modified: Nov 21, 2024

3.3

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 1.8 / Impact: 1.4

Source: NVD

Description

The permission package in SUSE Linux Enterprise Server allowed all local users to run dumpcap in the "easy" permission profile and sniff network traffic. This issue affects: SUSE Linux Enterprise Server permissions versions starting from 85c83fef7e017f8ab7f8602d3163786d57344439 to 081d081dcfaf61710bda34bc21c80c66276119aa.

Affected (1)

Products: Suse: Linux Enterprise Server

1 product

Linux Enterprise Server

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Suse Linux Enterprise Server	All versions

Related CWEs

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (4)

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00010.html

Source: meissner@suse.de

https://bugzilla.suse.com/show_bug.cgi?id=1148788

Source: meissner@suse.de

Issue TrackingVendor Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00010.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.suse.com/show_bug.cgi?id=1148788

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

Timeline

No history available yet.