Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-3688

The /usr/sbin/pinger binary packaged with squid in SUSE Linux Enterprise Server 15 before and including version 4.8-5.8.1 and in SUSE Linux Enterprise Server 12 before and including 3.5.21-26.17.1 had squid:root, 0750 permissions. This allowed an attacker that compromissed the squid user to gain persistence by changing the binary

Published

2019-10-07T14:15:11.977

Last Modified

2024-11-21T04:42:20.127

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.1 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:N/I:C/A:C

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

3.9

Impact Score

9.2

Weaknesses
  • Type: Secondary
    CWE-276
  • Type: Primary
    CWE-276
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System suse suse_linux_enterprise_server 12 Yes
Operating System suse suse_linux_enterprise_server 12 Yes
Operating System suse suse_linux_enterprise_server 12 Yes
Operating System suse suse_linux_enterprise_server 15 Yes
Operating System suse suse_linux_enterprise_server 15 Yes
References