PT-2019-16649 · Suse · Squid
Luiz Angelo Daros De Luca
Published 2019-10-07 · Updated 2024-06-15
CVE-2019-3688
CVSS v3.1: 7.1 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions
SUSE Linux Enterprise Server 15 versions prior to 4.8-5.8.1
SUSE Linux Enterprise Server 12 versions prior to 3.5.21-26.17.1
Description
The issue concerns the /usr/sbin/pinger binary packaged with squid, which had squid:root ownership and 0750 permissions. This allowed an attacker who compromised the squid user to gain persistence by modifying the binary.
Recommendations
For SUSE Linux Enterprise Server 15 versions prior to 4.8-5.8.1, update to version 4.8-5.8.1 or later to resolve the issue.
For SUSE Linux Enterprise Server 12 versions prior to 3.5.21-26.17.1, update to version 3.5.21-26.17.1 or later to resolve the issue.
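A check for the ownership pattern described above, as an added example that is not part of the original advisory or of the vendor's fix: it flags a binary whose owner is not root, or that is writable by a non-root group or by everyone. The function names and the "root-owned, not writable by unprivileged accounts" baseline are assumptions of this example, and it relies on GNU `stat -c`.

```shell
#!/bin/sh
# Added example (not vendor code): audit a binary for the ownership pattern
# in this advisory, i.e. a service account that can modify its own helper.

# classify_perms OWNER GROUP MODE
#   MODE is octal as printed by `stat -c %a` (e.g. 750).
#   Prints "OK" and returns 0, or prints "FINDING: ..." and returns 1.
classify_perms() {
    cp_owner=$1; cp_group=$2; cp_perm=$(( 0$3 ))
    cp_findings=""
    # A non-root owner can rewrite the file, or chmod it writable again,
    # so the owner matters even when the owner-write bit is clear.
    if [ "$cp_owner" != root ]; then
        cp_findings="$cp_findings owner:$cp_owner"
    fi
    # Group write access only matters when the group is not root.
    if [ "$cp_group" != root ] && [ $(( cp_perm & 0020 )) -ne 0 ]; then
        cp_findings="$cp_findings group-writable:$cp_group"
    fi
    if [ $(( cp_perm & 0002 )) -ne 0 ]; then
        cp_findings="$cp_findings world-writable"
    fi
    if [ -n "$cp_findings" ]; then
        echo "FINDING:$cp_findings"
        return 1
    fi
    echo "OK"
}

# audit_file PATH: read owner, group and mode from disk and classify them.
# Returns 2 when the file cannot be inspected.
audit_file() {
    af_info=$(stat -c '%U %G %a' -- "$1") || { echo "ERROR: cannot stat $1"; return 2; }
    # Intentional word splitting into owner, group, mode.
    set -- $af_info
    classify_perms "$1" "$2" "$3"
}

# Check the path named in the advisory when it exists on this host.
if [ -e /usr/sbin/pinger ]; then
    audit_file /usr/sbin/pinger || true
fi
```

For the values in the description, `classify_perms squid root 750` reports the non-root owner as a finding.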
Fix
Incorrect Default Permissions
Weakness Enumeration
Related identifiers
Affected products
Suse Linux Enterprise Server 12
Suse Linux Enterprise Server 15
Suse
Squid