CVE-2019-3687

The permission package in SUSE Linux Enterprise Server allowed all local users to run dumpcap in the "easy" permission profile and sniff network traffic. This issue affects: SUSE Linux Enterprise Server permissions versions starting from 85c83fef7e017f8ab7f8602d3163786d57344439 to 081d081dcfaf61710bda34bc21c80c66276119aa.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 23%
Affected Products (NVD)
VendorProductVersion
suselinux_enterprise_server
-
𝑥
= Vulnerable software versions
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
permissions-20181116
suse enterprise desktop 15 SP1
9.23.1
fixed
suse enterprise sap 15 SP1
9.23.1
fixed
suse enterprise server 15 SP1
9.23.1
fixed
permissions-20181224
suse enterprise desktop 15 SP2
21.1
fixed
suse enterprise desktop 15 SP3
23.3.1
fixed
suse enterprise sap 15 SP2
21.1
fixed
suse enterprise sap 15 SP3
23.3.1
fixed
suse enterprise server 15 SP2
21.1
fixed
suse enterprise server 15 SP3
23.3.1
fixed
permissions-20201225
suse enterprise desktop 15 SP4
150400.3.4
fixed
suse enterprise desktop 15 SP5
150400.5.16.1
fixed
suse enterprise desktop 15 SP6
150400.5.16.1
fixed
suse enterprise sap 15 SP4
150400.3.4
fixed
suse enterprise sap 15 SP5
150400.5.16.1
fixed
suse enterprise sap 15 SP6
150400.5.16.1
fixed
suse enterprise server 15 SP4
150400.3.4
fixed
suse enterprise server 15 SP5
150400.5.16.1
fixed
suse enterprise server 15 SP6
150400.5.16.1
fixed
permissions-20240826
suse enterprise desktop 15 SP7
150700.14.4
fixed
suse enterprise sap 15 SP7
150700.14.4
fixed
suse enterprise server 15 SP7
150700.14.4
fixed
permissions-zypp-plugin-20181116
suse enterprise desktop 15 SP1
9.23.1
fixed
suse enterprise sap 15 SP1
9.23.1
fixed
suse enterprise server 15 SP1
9.23.1
fixed
permissions-zypp-plugin-20181224
suse enterprise desktop 15 SP2
21.1
fixed
suse enterprise desktop 15 SP3
23.3.1
fixed
suse enterprise sap 15 SP2
21.1
fixed
suse enterprise sap 15 SP3
23.3.1
fixed
suse enterprise server 15 SP2
21.1
fixed
suse enterprise server 15 SP3
23.3.1
fixed
permissions-zypp-plugin-20201225
suse enterprise desktop 15 SP4
150400.3.4
fixed
suse enterprise desktop 15 SP5
150400.5.16.1
fixed
suse enterprise desktop 15 SP6
150400.5.16.1
fixed
suse enterprise sap 15 SP4
150400.3.4
fixed
suse enterprise sap 15 SP5
150400.5.16.1
fixed
suse enterprise sap 15 SP6
150400.5.16.1
fixed
suse enterprise server 15 SP4
150400.3.4
fixed
suse enterprise server 15 SP5
150400.5.16.1
fixed
suse enterprise server 15 SP6
150400.5.16.1
fixed
permissions-zypp-plugin-20240826
suse enterprise desktop 15 SP7
150700.14.4
fixed
suse enterprise sap 15 SP7
150700.14.4
fixed
suse enterprise server 15 SP7
150700.14.4
fixed
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00010.html
https://bugzilla.suse.com/show_bug.cgi?id=1148788
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00010.html
https://bugzilla.suse.com/show_bug.cgi?id=1148788