Vulnerability Description
The packaging of inn on SUSE Linux Enterprise Server 11; openSUSE Factory, Leap 15.1 allows local attackers to escalate from user inn to root via symlink attacks. This issue affects: SUSE Linux Enterprise Server 11 inn version 2.4.2-170.21.3.1 and prior versions. openSUSE Factory inn version 2.6.2-2.2 and prior versions. openSUSE Leap 15.1 inn version 2.5.4-lp151.2.47 and prior versions.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Suse | Inn | <= 2.4.2-170.21.3.1 |
| Suse | Linux Enterprise Server | 11 |
| Opensuse | Factory | - |
| Opensuse | Leap | 15.1 |
| Opensuse | Backports Sle | 15.0 |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00027.htmlBroken LinkMailing ListThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00028.htmlBroken LinkMailing ListThird Party Advisory
- https://bugzilla.suse.com/show_bug.cgi?id=1154302ExploitIssue TrackingVendor Advisory
- http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00027.htmlBroken LinkMailing ListThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00028.htmlBroken LinkMailing ListThird Party Advisory
- https://bugzilla.suse.com/show_bug.cgi?id=1154302ExploitIssue TrackingVendor Advisory
FAQ
What is CVE-2019-3692?
CVE-2019-3692 is a vulnerability with a CVSS score of 7.7 (HIGH). The packaging of inn on SUSE Linux Enterprise Server 11; openSUSE Factory, Leap 15.1 allows local attackers to escalate from user inn to root via symlink attacks. This issue affects: SUSE Linux Enterp...
How severe is CVE-2019-3692?
CVE-2019-3692 has been rated HIGH with a CVSS base score of 7.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-3692?
Check the references section above for vendor advisories and patch information. Affected products include: Suse Inn, Suse Linux Enterprise Server, Opensuse Factory, Opensuse Leap, Opensuse Backports Sle.