PT-2019-6100 · Opensuse · Gnump3D

Johannes Segitz

Published

2019-10-16

Updated

2021-09-14

CVE-2019-3697

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions openSUSE Leap 15.1 gnump3d versions 3.0-lp151.2.1 and prior versions

Description The issue is related to a UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of gnump3d. This vulnerability allows local attackers to escalate privileges from the user gnump3d to root. The problem is associated with incorrect handling of symbolic links before accessing a file, which can be exploited to gain elevated privileges.

Recommendations For openSUSE Leap 15.1 gnump3d versions 3.0-lp151.2.1 and prior versions, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Link Following

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-59

Related Identifiers

BDU:2021-05335

CVE-2019-3697

Affected Products

Gnump3D

PT-2019-6100 · Opensuse · Gnump3D

CVE-2019-3697

Weakness Enumeration

Related Identifiers

Affected Products

References · 6