PT-2020-10910 · Suse · Suse Linux Enterprise Server+1

Malte Kraus

Published

2020-01-24

Updated

2024-06-15

CVE-2019-3687

CVSS v3.1

4.0

Medium

Vector

AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions SUSE Linux Enterprise Server permissions versions starting from 85c83fef7e017f8ab7f8602d3163786d57344439 to 081d081dcfaf61710bda34bc21c80c66276119aa

Description The issue in the permission package of SUSE Linux Enterprise Server allowed all local users to run dumpcap in the "easy" permission profile, enabling them to sniff network traffic.

Recommendations For SUSE Linux Enterprise Server permissions versions starting from 85c83fef7e017f8ab7f8602d3163786d57344439 to 081d081dcfaf61710bda34bc21c80c66276119aa, consider restricting the use of the "easy" permission profile to prevent unauthorized access to network traffic. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Incorrect Default Permissions

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-276

Related Identifiers

CVE-2019-3687

OPENSUSE-SU-2020:0302-1

OPENSUSE-SU-2020_0302-1

OPENSUSE-SU-2021:1520-1

OPENSUSE-SU-2021_1520-1

OPENSUSE-SU-2024:11165-1

SUSE-SU-2020:0547-1

SUSE-SU-2020_0547-1

Affected Products

Suse Linux Enterprise Server

Suse

PT-2020-10910 · Suse · Suse Linux Enterprise Server+1

CVE-2019-3687

Weakness Enumeration

Related Identifiers

Affected Products

References · 46