Vulnerability CVE-2019-3687

Vulnerability Name:

CVE-2019-3687 (CCN-175482)

Assigned:

2019-01-03

Published:

2019-01-03

Updated:

2020-03-05

Summary:

The permission package in SUSE Linux Enterprise Server allowed all local users to run dumpcap in the "easy" permission profile and sniff network traffic. This issue affects: SUSE Linux Enterprise Server permissions versions starting from 85c83fef7e017f8ab7f8602d3163786d57344439 to 081d081dcfaf61710bda34bc21c80c66276119aa.

CVSS v3 Severity:

3.3 Low (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
2.9 Low (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:U/RC:R)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

3.3 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
2.9 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:U/RC:R)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

CVSS v2 Severity:

1.9 Low (CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

1.7 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

Vulnerability Type:

CWE-276

Vulnerability Consequences:

Obtain Information

References:

Source: MITRE
Type: CNA
CVE-2019-3687

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2020:0302

Source: CCN
Type: Bugzilla Bug 1148788
(CVE-2019-3687) VUL-0: CVE-2019-3687: permissions: easy profile allows everyone execute dumpcap and read all network traffic

Source: CONFIRM
Type: Issue Tracking, Vendor Advisory
https://bugzilla.suse.com/show_bug.cgi?id=1148788

Source: XF
Type: UNKNOWN
suse-cve20193687-info-disc(175482)

Source: CCN
Type: SUSE Web site
Open Source Solutions for Enterprise Servers, Cloud & Storage

Vulnerable Configuration:

Configuration 1:

cpe:/o:suse:linux_enterprise_server:-:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/o:suse:linux_enterprise_server:10:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20193687	V	CVE-2019-3687	2023-06-22
oval:org.opensuse.security:def:7750	P	permissions-20201225-150400.5.16.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:3154	P	libapr1-1.5.1-4.5.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:94784	P	permissions-20201225-150400.3.4 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:1809	P	Security update for the Linux Kernel (Important)	2022-06-14
oval:org.opensuse.security:def:271	P	permissions-20181224-23.3.1 on GA media (Moderate)	2022-06-13
oval:org.opensuse.security:def:1808	P	Security update for gimp (Moderate)	2022-06-13
oval:org.opensuse.security:def:1803	P	Security update for the Linux Kernel (Important)	2022-05-16
oval:org.opensuse.security:def:1796	P	Security update for MozillaThunderbird (Important)	2022-04-13
oval:org.opensuse.security:def:1200	P	Security update for libarchive (Moderate)	2022-03-24
oval:org.opensuse.security:def:1805	P	Security update for the Linux Kernel (Important)	2022-01-26
oval:org.opensuse.security:def:859	P	Security update for the Linux Kernel (Important)	2022-01-19
oval:org.opensuse.security:def:112063	P	chkstat-1550_20210901-29.2 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:1793	P	Security update for gegl (Important)	2021-12-31
oval:org.opensuse.security:def:1792	P	Security update for MozillaThunderbird (Important)	2021-12-22
oval:org.opensuse.security:def:74754	P	Security update for log4j12 (Important)	2021-12-17
oval:org.opensuse.security:def:111518	P	Security update for permissions (Moderate)	2021-12-02
oval:org.opensuse.security:def:1787	P	Security update for the Linux Kernel (Important)	2021-11-11
oval:org.opensuse.security:def:69951	P	Security update for MozillaFirefox (Important)	2021-11-10
oval:org.opensuse.security:def:1784	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:1783	P	Security update for the Linux Kernel (Important)	2021-10-12
oval:org.opensuse.security:def:1782	P	Security update for ffmpeg (Moderate)	2021-10-06
oval:org.opensuse.security:def:105612	P	chkstat-1550_20210901-29.2 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:49451	P	Security update for php74-pear (Important)	2021-09-09
oval:org.opensuse.security:def:64567	P	Security update for gstreamer-plugins-good (Moderate)	2021-09-02
oval:org.opensuse.security:def:48315	P	supportutils-3.0.3-95.27.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48300	P	ruby-2.1-1.4 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48299	P	rtkit-0.11_git201205151338-8.14 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:63458	P	strongswan-nm-5.8.2-9.2 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:101047	P	permissions-20181224-23.3.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62784	P	libexiv2-26-0.26-6.8.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:72030	P	permissions-20181224-23.3.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62756	P	gtk2-data-2.24.32+67-2.28 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:71800	P	dbus-1-1.12.2-8.3.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62752	P	gnome-settings-daemon-3.34.2+0-4.3.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62759	P	hplip-3.20.11-2.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62289	P	permissions-20181224-23.3.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:68344	P	Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP3) (Important)	2021-07-27
oval:org.opensuse.security:def:100628	P	(Important)	2021-06-18
oval:org.opensuse.security:def:48863	P	libpcrecpp0-32bit-8.39-7.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:2447	P	gimp-2.8.22-3.42 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48770	P	finch-2.11.0-12.5 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48633	P	sysvinit-tools-2.88+-96.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48437	P	grub2-2.02~beta2-104.16 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:2451	P	gstreamer-plugins-ugly-1.12.5-1.35 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:64509	P	Security update for libX11 (Moderate)	2021-05-26
oval:org.opensuse.security:def:64679	P	Security update for permissions (Important)	2021-05-04
oval:org.opensuse.security:def:69846	P	Security update for tcmu-runner (Important)	2021-01-18
oval:org.opensuse.security:def:49300	P	Security update for python-paramiko (Important)	2021-01-07
oval:org.opensuse.security:def:74621	P	Security update for jetty-minimal (Moderate)	2020-12-22
oval:org.opensuse.security:def:116852	P	permissions-20181224-21.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:71684	P	perl-DBD-mysql-4.046-3.3.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:93915	P	permissions-20181224-21.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:107294	P	permissions-20181224-21.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:61948	P	permissions-20181224-21.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63605	P	NetworkManager-applet-1.8.24-5.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63255	P	apache2-mod_wsgi-python3-4.5.18-2.27 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:71689	P	permissions-20181224-21.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:49014	P	libiso9660-8-0.90-6.3.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62962	P	libpcp-devel-4.3.1-3.8.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:64407	P	libxml2-2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:64163	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:66503	P	libopus0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:68447	P	Security update for permissions (Moderate)	2020-12-01
oval:org.opensuse.security:def:63834	P	Security update for cups (Important)	2020-12-01
oval:org.opensuse.security:def:49246	P	libtiff-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50887	P	Security update for permissions (Moderate)	2020-12-01
oval:org.opensuse.security:def:73168	P	libjpeg8 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49321	P	qemu-tools on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:73286	P	permissions on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50830	P	Security update for permissions (Moderate)	2020-12-01
oval:org.opensuse.security:def:49554	P	libjbig2-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49386	P	MozillaFirefox on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49235	P	libsolv-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:65100	P	Security update for permissions (Moderate)	2020-12-01
oval:org.opensuse.security:def:49482	P	perl-Tk on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:64300	P	libXext-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:65010	P	Security update for libvirt (Important)	2020-12-01
oval:org.opensuse.security:def:64299	P	libXdmcp-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:66595	P	permissions on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:110416	P	Security update for permissions (Moderate)	2020-03-04
oval:org.opensuse.security:def:97406	P	Security update for permissions (Moderate)	2020-02-28
oval:org.opensuse.security:def:90441	P	Security update for permissions (Moderate)	2020-02-28
oval:org.opensuse.security:def:104096	P	Security update for permissions (Moderate)	2020-02-28

BACK