Vulnerabilites related to SUSE - SUSE Linux Enterprise Server
CVE-2019-3687 (GCVE-0-2019-3687)
Vulnerability from cvelistv5
Published
2020-01-24 08:25
Modified
2024-09-16 20:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-276 - Incorrect Default Permissions
Summary
The permission package in SUSE Linux Enterprise Server allowed all local users to run dumpcap in the "easy" permission profile and sniff network traffic. This issue affects: SUSE Linux Enterprise Server permissions versions starting from 85c83fef7e017f8ab7f8602d3163786d57344439 to 081d081dcfaf61710bda34bc21c80c66276119aa.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SUSE | SUSE Linux Enterprise Server |
Version: permissions < 081d081dcfaf61710bda34bc21c80c66276119aa |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:16.823Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1148788"
},
{
"name": "openSUSE-SU-2020:0302",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00010.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SUSE Linux Enterprise Server",
"vendor": "SUSE",
"versions": [
{
"lessThan": "081d081dcfaf61710bda34bc21c80c66276119aa",
"status": "affected",
"version": "permissions",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Malte Kraus of SUSE"
}
],
"datePublic": "2019-08-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The permission package in SUSE Linux Enterprise Server allowed all local users to run dumpcap in the \"easy\" permission profile and sniff network traffic. This issue affects: SUSE Linux Enterprise Server permissions versions starting from 85c83fef7e017f8ab7f8602d3163786d57344439 to 081d081dcfaf61710bda34bc21c80c66276119aa."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276: Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-05T00:06:01",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1148788"
},
{
"name": "openSUSE-SU-2020:0302",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00010.html"
}
],
"source": {
"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1148788",
"defect": [
"1148788"
],
"discovery": "INTERNAL"
},
"title": "\"easy\" permission profile allows everyone execute dumpcap and read all network traffic",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@suse.com",
"DATE_PUBLIC": "2019-08-30T00:00:00.000Z",
"ID": "CVE-2019-3687",
"STATE": "PUBLIC",
"TITLE": "\"easy\" permission profile allows everyone execute dumpcap and read all network traffic"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SUSE Linux Enterprise Server",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "permissions",
"version_value": "081d081dcfaf61710bda34bc21c80c66276119aa"
}
]
}
}
]
},
"vendor_name": "SUSE"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Malte Kraus of SUSE"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The permission package in SUSE Linux Enterprise Server allowed all local users to run dumpcap in the \"easy\" permission profile and sniff network traffic. This issue affects: SUSE Linux Enterprise Server permissions versions starting from 85c83fef7e017f8ab7f8602d3163786d57344439 to 081d081dcfaf61710bda34bc21c80c66276119aa."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-276: Incorrect Default Permissions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1148788",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1148788"
},
{
"name": "openSUSE-SU-2020:0302",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00010.html"
}
]
},
"source": {
"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1148788",
"defect": [
"1148788"
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2019-3687",
"datePublished": "2020-01-24T08:25:14.454947Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-16T20:16:49.597Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
jvndb-2008-001043
Vulnerability from jvndb
Published
2008-06-13 17:11
Modified
2008-11-21 12:19
Summary
X.Org Foundation X server buffer overflow vulnerability
Details
X server provided by the X.Org Foundation contains a buffer overflow vulnerability.
The X.Org Foundation provides an open source implementation of the X Window System. The X server of this implementation contains a vulnerability in the handling of Portable Compiled Font (PCF) format fonts that can be exploited to cause a buffer overflow.
X.Org Foundation released the X.Org security advisory on January 17, 2008, and CERT/CC released VU#203220 on March 19, 2008 regarding this vulnerability issue.
Takuya Shiozaki of CODE blog (codeblog.org) reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.
References
Impacted products
| ► | Vendor | Product | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-001043.html",
"dc:date": "2008-11-21T12:19+09:00",
"dcterms:issued": "2008-06-13T17:11+09:00",
"dcterms:modified": "2008-11-21T12:19+09:00",
"description": "X server provided by the X.Org Foundation contains a buffer overflow vulnerability. \r\n\r\nThe X.Org Foundation provides an open source implementation of the X Window System. The X server of this implementation contains a vulnerability in the handling of Portable Compiled Font (PCF) format fonts that can be exploited to cause a buffer overflow. \r\n\r\nX.Org Foundation released the X.Org security advisory on January 17, 2008, and CERT/CC released VU#203220 on March 19, 2008 regarding this vulnerability issue. \r\n\r\nTakuya Shiozaki of CODE blog (codeblog.org) reported this vulnerability to IPA. \r\nJPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-001043.html",
"sec:cpe": [
{
"#text": "cpe:/a:fujitsu:pc-x",
"@product": "FUJITSU PC-X",
"@vendor": "FUJITSU",
"@version": "2.2"
},
{
"#text": "cpe:/a:suse:suse_open_enterprise_server",
"@product": "Open Enterprise Server",
"@vendor": "SUSE",
"@version": "2.2"
},
{
"#text": "cpe:/a:suse:suse_sles",
"@product": "SUSE SLES",
"@vendor": "SUSE",
"@version": "2.2"
},
{
"#text": "cpe:/a:x.org:x.org_x11",
"@product": "X.Org X11",
"@vendor": "X.Org Foundation",
"@version": "2.2"
},
{
"#text": "cpe:/a:xfree86_project:xfree86",
"@product": "XFree86",
"@vendor": "XFree86 Project",
"@version": "2.2"
},
{
"#text": "cpe:/o:apple:mac_os_x",
"@product": "Apple Mac OS X",
"@vendor": "Apple Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:apple:mac_os_x_server",
"@product": "Apple Mac OS X Server",
"@vendor": "Apple Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:canonical:ubuntu_linux",
"@product": "Ubuntu",
"@vendor": "Canonical",
"@version": "2.2"
},
{
"#text": "cpe:/o:fedoraproject:fedora",
"@product": "Fedora",
"@vendor": "Fedora Project",
"@version": "2.2"
},
{
"#text": "cpe:/o:gentoo:linux_x11",
"@product": "Gentoo Linux x11-base/xorg-server",
"@vendor": "Gentoo Foundation, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:gentoo:linux_x11-libs",
"@product": "Gentoo Linux x11-libs/libXfont",
"@vendor": "Gentoo Foundation, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:hp:hp-ux",
"@product": "HP-UX",
"@vendor": "Hewlett-Packard Development Company,L.P",
"@version": "2.2"
},
{
"#text": "cpe:/o:ibm:aix",
"@product": "IBM AIX",
"@vendor": "IBM Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:mandriva:linux-xfree86",
"@product": "Mandriva Linux XFree86",
"@vendor": "Mandriva, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:mandriva:linux-xorg",
"@product": "Mandriva Linux xorg-x11",
"@vendor": "Mandriva, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:misc:miraclelinux_asianux_server",
"@product": "Asianux Server",
"@vendor": "Cybertrust Japan Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/o:openbsd:openbsd",
"@product": "OpenBSD",
"@vendor": "OpenBSD",
"@version": "2.2"
},
{
"#text": "cpe:/o:opensuse_project:opensuse",
"@product": "openSUSE",
"@vendor": "openSUSE project",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:enterprise_linux",
"@product": "Red Hat Enterprise Linux",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:enterprise_linux_desktop",
"@product": "Red Hat Enterprise Linux Desktop",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:linux_advanced_workstation",
"@product": "Red Hat Linux Advanced Workstation",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:rhel_desktop_workstation",
"@product": "RHEL Desktop Workstation",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:sun:solaris",
"@product": "Sun Solaris",
"@vendor": "Sun Microsystems, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:suse:linux_desktop",
"@product": "Novell Linux Desktop",
"@vendor": "SUSE",
"@version": "2.2"
},
{
"#text": "cpe:/o:suse:linux_enterprise_desktop",
"@product": "SUSE Linux Enterprise Desktop",
"@vendor": "SUSE",
"@version": "2.2"
},
{
"#text": "cpe:/o:suse:linux_enterprise_server",
"@product": "SUSE Linux Enterprise Server",
"@vendor": "SUSE",
"@version": "2.2"
},
{
"#text": "cpe:/o:suse:linux_pos",
"@product": "Novell Linux POS",
"@vendor": "SUSE",
"@version": "2.2"
},
{
"#text": "cpe:/o:suse:suse_linux",
"@product": "SUSE LINUX",
"@vendor": "SUSE",
"@version": "2.2"
},
{
"#text": "cpe:/o:suse:suse_sle_sdk",
"@product": "SLE SDK",
"@vendor": "SUSE",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "7.4",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2008-001043",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN88935101/index.html",
"@id": "JVN#88935101",
"@source": "JVN"
},
{
"#text": "https://jvn.jp/en/tr/TRTA08-079A/index.html",
"@id": "TRTA08-079A",
"@source": "JVNTR"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0006",
"@id": "CVE-2008-0006",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-0006",
"@id": "CVE-2008-0006",
"@source": "NVD"
},
{
"#text": "http://www.ipa.go.jp/security/english/vuln/200806_XOrg_press_en.html",
"@id": "Security Alert for X.Org Foundation X Server Vulnerability",
"@source": "IPA SECURITY ALERTS"
},
{
"#text": "http://www.us-cert.gov/cas/alerts/SA08-079A.html",
"@id": "SA08-079A",
"@source": "CERT-SA"
},
{
"#text": "http://www.kb.cert.org/vuls/id/203220",
"@id": "VU#203220",
"@source": "CERT-VN"
},
{
"#text": "http://www.us-cert.gov/cas/techalerts/TA08-079A.html",
"@id": "TA08-079A",
"@source": "CERT-TA"
},
{
"#text": "http://secunia.com/advisories/28532/",
"@id": "SA28532",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/27352",
"@id": "27352",
"@source": "BID"
},
{
"#text": "http://securitytracker.com/id?1019232",
"@id": "1019232",
"@source": "SECTRACK"
},
{
"#text": "http://www.frsirt.com/english/advisories/2008/0179",
"@id": "FrSIRT/ADV-2008-0179",
"@source": "FRSIRT"
},
{
"#text": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001043.html",
"@id": "JVNDB-2008-001043",
"@source": "JVNDB_Ja"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-119",
"@title": "Buffer Errors(CWE-119)"
}
],
"title": "X.Org Foundation X server buffer overflow vulnerability"
}