PT-2019-6102 · Opensuse · Privoxy

Johannes Segitz

Published

2019-11-21

Updated

2021-09-14

CVE-2019-3699

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions privoxy versions 3.0.28-lp151.1.1 and prior versions privoxy versions 3.0.28-2.1 and prior versions

Description The issue is related to a UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of privoxy on openSUSE Leap 15.1 and Factory. This vulnerability allows local attackers to escalate from user privoxy to root. The exploitation of this vulnerability may allow an attacker to gain elevated privileges.

Recommendations For privoxy version 3.0.28-lp151.1.1 and prior versions, update to a version that fixes the Symlink Following vulnerability. For privoxy version 3.0.28-2.1 and prior versions, update to a version that fixes the Symlink Following vulnerability. As a temporary workaround, consider restricting access to the vulnerable privoxy packaging to minimize the risk of exploitation.

Fix

Link Following

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-59

Related Identifiers

BDU:2021-05384

CVE-2019-3699

Affected Products

Privoxy

PT-2019-6102 · Opensuse · Privoxy

CVE-2019-3699

Weakness Enumeration

Related Identifiers

Affected Products

References · 7