PT-2020-10911 · Suse+1 · Munge+3
Johannes Segitz · Published 2019-12-05 · Updated 2024-06-15
CVE-2019-3691
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
SUSE Linux Enterprise Server 15 munge versions prior to 0.5.13-4.3.1
openSUSE Factory munge versions prior to 0.5.13-6.1
Description
A Symbolic Link (Symlink) Following issue in the packaging of munge allowed local attackers to escalate privileges from user munge to root.
Recommendations
For SUSE Linux Enterprise Server 15 munge versions prior to 0.5.13-4.3.1, update to version 0.5.13-4.3.1 or later.
For openSUSE Factory munge versions prior to 0.5.13-6.1, update to version 0.5.13-6.1 or later.
Exploit
Fix
Link Following
Affected Products
Suse Linux Enterprise Server
Suse
Munge
Opensuse Factory