The packaging of inn on SUSE Linux Enterprise Server 11; openSUSE Factory, Leap 15.1 allows local attackers to escalate from user inn to root via symlink attacks. This issue affects: SUSE Linux Enterprise Server 11 inn version 2.4.2-170.21.3.1 and prior versions. openSUSE Factory inn version 2.6.2-2.2 and prior versions. openSUSE Leap 15.1 inn version 2.5.4-lp151.2.47 and prior versions.
2020-01-24T09:15:13.203
2024-11-21T04:42:20.630
Modified
CVSSv3.1: 7.7 (HIGH)
AV:L/AC:L/Au:N/C:C/I:C/A:C
3.9
10.0
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | suse | inn | ≤ 2.4.2-170.21.3.1 | Yes |
| Operating System | suse | linux_enterprise_server | 11 | No |
| Application | suse | inn | ≤ 2.6.2-2.2 | Yes |
| Application | opensuse | factory | - | No |
| Application | suse | inn | ≤ 2.5.4-lp151.2.47 | Yes |
| Operating System | opensuse | leap | 15.1 | No |
| Application | opensuse | backports_sle | 15.0 | Yes |
| Operating System | opensuse | leap | 15.1 | Yes |