CVE-2019-18898

UNIX Symbolic Link (Symlink) Following vulnerability in the trousers package of SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allowed local attackers escalate privileges from user tss to root. This issue affects: SUSE Linux Enterprise Server 15 SP1 trousers versions prior to 0.3.14-6.3.1. openSUSE Factory trousers versions prior to 0.3.14-7.1.
References
Link Resource
https://bugzilla.suse.com/show_bug.cgi?id=1157651 Exploit Issue Tracking Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00066.html Mailing List Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:suse:trousers:*:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux_enterprise_server:15:sp1:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:a:suse:trousers:*:*:*:*:*:*:*:*
cpe:2.3:o:suse:opensuse_factory:-:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

Information

Published : 2020-01-23 06:15

Updated : 2022-11-09 20:43


NVD link : CVE-2019-18898

Mitre link : CVE-2019-18898


JSON object : View

CWE
CWE-59

Improper Link Resolution Before File Access ('Link Following')

Advertisement

dedicated server usa

Products Affected

suse

  • trousers
  • opensuse_factory
  • suse_linux_enterprise_server

opensuse

  • leap