Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2019-3688
PUBLISHED
More InfoOfficial Page
Assigner-suse
Assigner Org ID-404e59f5-483d-4b8a-8e7a-e67604dd8afb
View Known Exploited Vulnerability (KEV) details
Published At-07 Oct, 2019 | 14:00
Updated At-16 Sep, 2024 | 23:01
Rejected At-
▼CVE Numbering Authority (CNA)
squid: /usr/sbin/pinger packaged with wrong permission

The /usr/sbin/pinger binary packaged with squid in SUSE Linux Enterprise Server 15 before and including version 4.8-5.8.1 and in SUSE Linux Enterprise Server 12 before and including 3.5.21-26.17.1 had squid:root, 0750 permissions. This allowed an attacker that compromissed the squid user to gain persistence by changing the binary

Affected Products
Vendor
SUSESUSE
Product
SUSE Linux Enterprise Server 15
Versions
Affected
  • From squid through 4.8-5.8.1 (custom)
Vendor
SUSESUSE
Product
SUSE Linux Enterprise Server 12
Versions
Affected
  • From squid through 3.5.21-26.17.1 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-276CWE-276 Incorrect Default Permissions
Metrics
VersionBase scoreBase severityVector
3.15.1MEDIUM
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://bugzilla.suse.com/show_bug.cgi?id=1093414
x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html
vendor-advisory
x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html
vendor-advisory
x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00024.html
vendor-advisory
x_refsource_SUSE
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://bugzilla.suse.com/show_bug.cgi?id=1093414
x_refsource_CONFIRM
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00024.html
vendor-advisory
x_refsource_SUSE
x_transferred
Details not found