CVE-2019-3693

24.01.2020, 10:15

A symlink following vulnerability in the packaging of mailman in SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Server 12; openSUSE Leap 15.1 allowed local attackers to escalate their privileges from user wwwrun to root. Additionally arbitrary files could be changed to group mailman. This issue affects: SUSE Linux Enterprise Server 11 mailman versions prior to 2.1.15-9.6.15.1. SUSE Linux Enterprise Server 12 mailman versions prior to 2.1.17-3.11.1. openSUSE Leap 15.1 mailman version 2.1.29-lp151.2.14 and prior versions.

Link Following

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.7 HIGH	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
suse	CNA	7.7 HIGH	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 39%

Vendor	Product	Version
suse	mailman	𝑥 < 2.1.15-9.6.15.1
suse	mailman	𝑥 < 2.1.17-3.11.1
suse	mailman	𝑥 ≤ 2.1.29-lp151.2.14
opensuse	backports_sle	15.0:sp1

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-59 - Improper Link Resolution Before File Access ('Link Following')
The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00059.html

http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00000.html

https://bugzilla.suse.com/show_bug.cgi?id=1154328

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00059.html

http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00000.html

https://bugzilla.suse.com/show_bug.cgi?id=1154328