PT-2020-10912 · Suse+1 · Suse Linux Enterprise Server+3
Johannes Segitz · Published 2019-11-25 · Updated 2022-11-10
CVE-2019-3693
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
SUSE Linux Enterprise Server 11 mailman versions prior to 2.1.15-9.6.15.1
SUSE Linux Enterprise Server 12 mailman versions prior to 2.1.17-3.11.1
openSUSE Leap 15.1 mailman version 2.1.29-lp151.2.14 and prior versions
Description
A symlink-following issue in the packaging of mailman allowed local attackers to escalate their privileges from user wwwrun to root. Additionally, the group ownership of arbitrary files could be changed to mailman.
Recommendations
For SUSE Linux Enterprise Server 11, update mailman to version 2.1.15-9.6.15.1 or later.
For SUSE Linux Enterprise Server 12, update mailman to version 2.1.17-3.11.1 or later.
For openSUSE Leap 15.1, update mailman to a version later than 2.1.29-lp151.2.14.
Fix
Link Following
Affected Products
Suse Linux Enterprise Server
Suse
Mailman
Opensuse Leap