Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

CVE ID:CVE-2019-3689
Description:The nfs-utils package in SUSE Linux Enterprise Server 12 before and including version 1.3.0-34.18.1 and in SUSE Linux Enterprise Server 15 before and including version 2.1.1-6.10.2 the directory /var/lib/nfs is owned by statd:nogroup. This directory contains files owned and managed by root. If statd is compromised, it can therefore trick processes running with root privileges into creating/overwriting files anywhere on the system.
Test IDs: 1.3.6.1.4.1.25623.1.0.852756   1.3.6.1.4.1.25623.1.0.891965   1.3.6.1.4.1.25623.1.0.852966   1.3.6.1.4.1.25623.1.1.2.2020.1871   1.3.6.1.4.1.25623.1.1.2.2020.2027   1.3.6.1.4.1.25623.1.0.844475   1.3.6.1.4.1.25623.1.1.4.2019.2781.1   1.3.6.1.4.1.25623.1.1.4.2019.2771.1   1.3.6.1.4.1.25623.1.1.4.2019.2776.1   1.3.6.1.4.1.25623.1.1.4.2019.2782.1  
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2019-3689
https://git.linux-nfs.org/?p=steved/nfs-utils.git;a=commitdiff;h=fee2cc29e888f2ced6a76990923aef19d326dc0e
https://lists.debian.org/debian-lts-announce/2019/10/msg00026.html
SuSE Security Announcement: openSUSE-SU-2019:2408 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00071.html
SuSE Security Announcement: openSUSE-SU-2019:2435 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00006.html
https://usn.ubuntu.com/4400-1/




© 1998-2024 E-Soft Inc. All rights reserved.