PT-2025-2937 · Teradata+1 · Teradata+1

Published: 2025-01-08 · Updated: 2025-01-08 · CVE-2024-52869

CVSS v3.1: 6.0 (Medium)

Vector: AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

Teradata versions prior to 2024-11-04

Description

The issue concerns the mismanagement of groups by certain Teradata account-handling code when used with SUSE Enterprise Linux Server. Specifically, during an operating system change from SUSE Enterprise Linux Server (SLES) 12 Service Pack (SP) 2 or 3 to SLES 15 SP2 on Teradata Database systems, some service or system user accounts, and possibly user accounts created by the systems administrator, are incorrectly assigned to groups that allow higher system-level privileges than intended. This may lead to full system compromise, depending on the usage of these accounts.

Recommendations

As a temporary workaround, consider restricting access to the affected groups until a patch is available. Restrict access to the SUSE Enterprise Linux Server to minimize the risk of exploitation. Avoid using the affected Teradata account-handling code until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
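One way to check a system for the condition described above, as an added example that is not Teradata or SUSE tooling: compare `/etc/passwd` and `/etc/group` snapshots taken before and after the SLES upgrade and report accounts that gained membership in privileged groups, including through a changed primary GID. The `PRIVILEGED` set, the function names and the sample snapshots are assumptions constructed for illustration; the advisory does not name the affected groups.

```python
"""Flag accounts that gained privileged group membership across an OS upgrade."""

# Assumption: which groups count as privileged is site policy; the advisory
# does not list the affected groups.
PRIVILEGED = {"root", "wheel", "disk", "shadow"}

# Constructed sample snapshots (not taken from a real system).
PASSWD_OLD = "root:x:0:0::/root:/bin/bash\nsvc_load:x:500:100::/home/svc_load:/bin/sh\nops1:x:1001:100::/home/ops1:/bin/sh\n"
GROUP_OLD = "root:x:0:\nusers:x:100:\ndisk:x:6:\n"
PASSWD_NEW = "root:x:0:0::/root:/bin/bash\nsvc_load:x:500:0::/home/svc_load:/bin/sh\nops1:x:1001:100::/home/ops1:/bin/sh\n"
GROUP_NEW = "root:x:0:\nusers:x:100:\ndisk:x:6:ops1\n"


def _rows(text, min_fields):
    """Yield colon-split records, skipping blank, comment and short lines."""
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) >= min_fields and not line.startswith("#"):
            yield parts


def memberships(passwd_text, group_text):
    """Map user -> set of group names (primary group plus supplementary)."""
    groups = list(_rows(group_text, 4))
    gid_to_name = {g[2]: g[0] for g in groups}
    result = {}
    for p in _rows(passwd_text, 4):
        # Primary group comes from passwd field 4, not from /etc/group members.
        result[p[0]] = {gid_to_name.get(p[3], "gid:" + p[3])}
    for g in groups:
        for user in filter(None, g[3].split(",")):
            result.setdefault(user, set()).add(g[0])
    return result


def privilege_gains(before, after, privileged=PRIVILEGED):
    """Return {user: privileged groups held after the upgrade but not before}."""
    gains = {}
    for user, groups in after.items():
        new = (groups - before.get(user, set())) & set(privileged)
        if new:
            gains[user] = sorted(new)
    return gains


if __name__ == "__main__":
    old = memberships(PASSWD_OLD, GROUP_OLD)
    new = memberships(PASSWD_NEW, GROUP_NEW)
    for user, groups in sorted(privilege_gains(old, new).items()):
        print(f"{user}: gained {', '.join(groups)}")
```

In practice the "before" snapshot would come from a pre-upgrade backup of the two files, and any account reported should be reviewed against its intended role before its group membership is corrected.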

Improper Preservation of Permissions


Weakness Enumeration

Related Identifiers

CVE-2024-52869

Affected Products

SUSE Linux Enterprise Server
Teradata