CVE-2019-3688

The /usr/sbin/pinger binary packaged with squid in SUSE Linux Enterprise Server 15 before and including version 4.8-5.8.1 and in SUSE Linux Enterprise Server 12 before and including 3.5.21-26.17.1 had squid:root, 0750 permissions. This allowed an attacker that compromissed the squid user to gain persistence by changing the binary
Configurations

Configuration 1

cpe:2.3:o:suse:suse_linux_enterprise_server:15:-:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux_enterprise_server:15:sp1:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux_enterprise_server:12:sp1:*:*:ltss:*:*:*
cpe:2.3:o:suse:suse_linux_enterprise_server:12:sp2:*:*:ltss:*:*:*
cpe:2.3:o:suse:suse_linux_enterprise_server:12:sp3:*:*:ltss:*:*:*

Information

Published : 2019-10-07 02:15

Updated : 2019-11-21 07:15


NVD link : CVE-2019-3688

Mitre link : CVE-2019-3688

Products Affected
No products.
CWE
CWE-276

Incorrect Default Permissions