CVE-2019-3689

The nfs-utils package in SUSE Linux Enterprise Server 12 before and including version 1.3.0-34.18.1 and in SUSE Linux Enterprise Server 15 before and including version 2.1.1-6.10.2 the directory /var/lib/nfs is owned by statd:nogroup. This directory contains files owned and managed by root. If statd is compromised, it can therefore trick processes running with root privileges into creating/overwriting files anywhere on the system.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.1 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 56%
Affected Products (NVD)
VendorProductVersion
linux-nfsnfs-utils
𝑥
≤ 1.3.0-34.18.1
linux-nfsnfs-utils
𝑥
≤ 2.1.1-6.10.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
nfs-utils
bookworm
1:2.6.2-4
fixed
bullseye
1:1.3.4-6+deb11u1
fixed
sid
1:2.8.1-1
fixed
trixie
1:2.8.1-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
nfs-utils
bionic
Fixed 1:1.3.4-2.1ubuntu5.3
released
disco
ignored
eoan
Fixed 1:1.3.4-2.5ubuntu2.1
released
focal
Fixed 1:1.3.4-2.5ubuntu3.3
released
groovy
Fixed 1:1.3.4-2.5ubuntu5
released
hirsute
Fixed 1:1.3.4-2.5ubuntu5
released
impish
Fixed 1:1.3.4-2.5ubuntu5
released
jammy
Fixed 1:1.3.4-2.5ubuntu5
released
kinetic
Fixed 1:1.3.4-2.5ubuntu5
released
lunar
Fixed 1:1.3.4-2.5ubuntu5
released
mantic
Fixed 1:1.3.4-2.5ubuntu5
released
noble
Fixed 1:1.3.4-2.5ubuntu5
released
trusty
needed
xenial
Fixed 1:1.2.8-9ubuntu12.3
released
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libnfsidmap0
suse enterprise desktop 15 SP7
0.26-150600.28.9.2
fixed
suse enterprise sap 15 SP7
0.26-150600.28.9.2
fixed
suse enterprise server 15 SP7
0.26-150600.28.9.2
fixed
libnfsidmap1
suse enterprise desktop 15 SP6
1.0-150600.26.2
fixed
suse enterprise desktop 15 SP7
1.0-150600.28.9.2
fixed
suse enterprise sap 15 SP6
1.0-150600.26.2
fixed
suse enterprise sap 15 SP7
1.0-150600.28.9.2
fixed
suse enterprise server 15 SP6
1.0-150600.26.2
fixed
suse enterprise server 15 SP7
1.0-150600.28.9.2
fixed
nfs-client
suse enterprise desktop 15
2.1.1-6.14.1
fixed
suse enterprise desktop 15 SP1
2.1.1-10.4.1
fixed
suse enterprise desktop 15 SP2
2.1.1-10.4.1
fixed
suse enterprise desktop 15 SP3
2.1.1-10.4.1
fixed
suse enterprise desktop 15 SP4
2.1.1-10.4.1
fixed
suse enterprise desktop 15 SP5
2.1.1-150500.20.2
fixed
suse enterprise desktop 15 SP6
2.6.4-150600.26.2
fixed
suse enterprise desktop 15 SP7
2.6.4-150600.28.9.2
fixed
suse enterprise sap 12 SP2
1.3.0-34.22.1
fixed
suse enterprise sap 12 SP3
1.3.0-34.22.1
fixed
suse enterprise sap 12 SP4
1.3.0-34.22.1
fixed
suse enterprise sap 12 SP5
1.3.0-34.22.1
fixed
suse enterprise sap 15
2.1.1-6.14.1
fixed
suse enterprise sap 15 SP1
2.1.1-10.4.1
fixed
suse enterprise sap 15 SP2
2.1.1-10.4.1
fixed
suse enterprise sap 15 SP3
2.1.1-10.4.1
fixed
suse enterprise sap 15 SP4
2.1.1-10.4.1
fixed
suse enterprise sap 15 SP5
2.1.1-150500.20.2
fixed
suse enterprise sap 15 SP6
2.6.4-150600.26.2
fixed
suse enterprise sap 15 SP7
2.6.4-150600.28.9.2
fixed
suse enterprise server 12 SP1
1.3.0-41.3.1
fixed
suse enterprise server 12 SP2
1.3.0-34.22.1
fixed
suse enterprise server 12 SP3
1.3.0-34.22.1
fixed
suse enterprise server 12 SP4
1.3.0-34.22.1
fixed
suse enterprise server 12 SP5
1.3.0-34.22.1
fixed
suse enterprise server 15
2.1.1-6.14.1
fixed
suse enterprise server 15 SP1
2.1.1-10.4.1
fixed
suse enterprise server 15 SP2
2.1.1-10.4.1
fixed
suse enterprise server 15 SP3
2.1.1-10.4.1
fixed
suse enterprise server 15 SP4
2.1.1-10.4.1
fixed
suse enterprise server 15 SP5
2.1.1-150500.20.2
fixed
suse enterprise server 15 SP6
2.6.4-150600.26.2
fixed
suse enterprise server 15 SP7
2.6.4-150600.28.9.2
fixed
nfs-doc
suse enterprise desktop 15
2.1.1-6.14.1
fixed
suse enterprise desktop 15 SP1
2.1.1-10.4.1
fixed
suse enterprise desktop 15 SP2
2.1.1-10.4.1
fixed
suse enterprise desktop 15 SP3
2.1.1-10.4.1
fixed
suse enterprise desktop 15 SP4
2.1.1-10.4.1
fixed
suse enterprise desktop 15 SP5
2.1.1-150500.20.2
fixed
suse enterprise desktop 15 SP6
2.6.4-150600.26.2
fixed
suse enterprise desktop 15 SP7
2.6.4-150600.28.9.2
fixed
suse enterprise sap 12 SP2
1.3.0-34.22.1
fixed
suse enterprise sap 12 SP3
1.3.0-34.22.1
fixed
suse enterprise sap 12 SP4
1.3.0-34.22.1
fixed
suse enterprise sap 12 SP5
1.3.0-34.22.1
fixed
suse enterprise sap 15
2.1.1-6.14.1
fixed
suse enterprise sap 15 SP1
2.1.1-10.4.1
fixed
suse enterprise sap 15 SP2
2.1.1-10.4.1
fixed
suse enterprise sap 15 SP3
2.1.1-10.4.1
fixed
suse enterprise sap 15 SP4
2.1.1-10.4.1
fixed
suse enterprise sap 15 SP5
2.1.1-150500.20.2
fixed
suse enterprise sap 15 SP6
2.6.4-150600.26.2
fixed
suse enterprise sap 15 SP7
2.6.4-150600.28.9.2
fixed
suse enterprise server 12 SP1
1.3.0-41.3.1
fixed
suse enterprise server 12 SP2
1.3.0-34.22.1
fixed
suse enterprise server 12 SP3
1.3.0-34.22.1
fixed
suse enterprise server 12 SP4
1.3.0-34.22.1
fixed
suse enterprise server 12 SP5
1.3.0-34.22.1
fixed
suse enterprise server 15
2.1.1-6.14.1
fixed
suse enterprise server 15 SP1
2.1.1-10.4.1
fixed
suse enterprise server 15 SP2
2.1.1-10.4.1
fixed
suse enterprise server 15 SP3
2.1.1-10.4.1
fixed
suse enterprise server 15 SP4
2.1.1-10.4.1
fixed
suse enterprise server 15 SP5
2.1.1-150500.20.2
fixed
suse enterprise server 15 SP6
2.6.4-150600.26.2
fixed
suse enterprise server 15 SP7
2.6.4-150600.28.9.2
fixed
nfs-kernel-server
suse enterprise desktop 15
2.1.1-6.14.1
fixed
suse enterprise desktop 15 SP1
2.1.1-10.4.1
fixed
suse enterprise desktop 15 SP2
2.1.1-10.4.1
fixed
suse enterprise desktop 15 SP3
2.1.1-10.4.1
fixed
suse enterprise desktop 15 SP4
2.1.1-10.4.1
fixed
suse enterprise desktop 15 SP5
2.1.1-150500.20.2
fixed
suse enterprise desktop 15 SP6
2.6.4-150600.26.2
fixed
suse enterprise desktop 15 SP7
2.6.4-150600.28.9.2
fixed
suse enterprise sap 12 SP2
1.3.0-34.22.1
fixed
suse enterprise sap 12 SP3
1.3.0-34.22.1
fixed
suse enterprise sap 12 SP4
1.3.0-34.22.1
fixed
suse enterprise sap 12 SP5
1.3.0-34.22.1
fixed
suse enterprise sap 15
2.1.1-6.14.1
fixed
suse enterprise sap 15 SP1
2.1.1-10.4.1
fixed
suse enterprise sap 15 SP2
2.1.1-10.4.1
fixed
suse enterprise sap 15 SP3
2.1.1-10.4.1
fixed
suse enterprise sap 15 SP4
2.1.1-10.4.1
fixed
suse enterprise sap 15 SP5
2.1.1-150500.20.2
fixed
suse enterprise sap 15 SP6
2.6.4-150600.26.2
fixed
suse enterprise sap 15 SP7
2.6.4-150600.28.9.2
fixed
suse enterprise server 12 SP1
1.3.0-41.3.1
fixed
suse enterprise server 12 SP2
1.3.0-34.22.1
fixed
suse enterprise server 12 SP3
1.3.0-34.22.1
fixed
suse enterprise server 12 SP4
1.3.0-34.22.1
fixed
suse enterprise server 12 SP5
1.3.0-34.22.1
fixed
suse enterprise server 15
2.1.1-6.14.1
fixed
suse enterprise server 15 SP1
2.1.1-10.4.1
fixed
suse enterprise server 15 SP2
2.1.1-10.4.1
fixed
suse enterprise server 15 SP3
2.1.1-10.4.1
fixed
suse enterprise server 15 SP4
2.1.1-10.4.1
fixed
suse enterprise server 15 SP5
2.1.1-150500.20.2
fixed
suse enterprise server 15 SP6
2.6.4-150600.26.2
fixed
suse enterprise server 15 SP7
2.6.4-150600.28.9.2
fixed
nfsidmap-devel
suse enterprise desktop 15 SP6
1.0-150600.26.2
fixed
suse enterprise desktop 15 SP7
1.0-150600.28.9.2
fixed
suse enterprise sap 15 SP6
1.0-150600.26.2
fixed
suse enterprise sap 15 SP7
1.0-150600.28.9.2
fixed
suse enterprise server 15 SP6
1.0-150600.26.2
fixed
suse enterprise server 15 SP7
1.0-150600.28.9.2
fixed
nfsidmap0-devel
suse enterprise desktop 15 SP7
0.26-150600.28.9.2
fixed
suse enterprise sap 15 SP7
0.26-150600.28.9.2
fixed
suse enterprise server 15 SP7
0.26-150600.28.9.2
fixed
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00071.html
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00006.html
https://bugzilla.suse.com/show_bug.cgi?id=1150733
https://git.linux-nfs.org/?p=steved/nfs-utils.git%3Ba=commitdiff%3Bh=fee2cc29e888f2ced6a76990923aef19d326dc0e
https://lists.debian.org/debian-lts-announce/2019/10/msg00026.html
https://usn.ubuntu.com/4400-1/
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00071.html
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00006.html
https://bugzilla.suse.com/show_bug.cgi?id=1150733
https://git.linux-nfs.org/?p=steved/nfs-utils.git%3Ba=commitdiff%3Bh=fee2cc29e888f2ced6a76990923aef19d326dc0e
https://lists.debian.org/debian-lts-announce/2019/10/msg00026.html
https://usn.ubuntu.com/4400-1/