Unrated severityNVD Advisory· Published Mar 5, 2019· Updated Sep 17, 2024
User can overwrite arbitrary log files in support tar
CVE-2018-19638
Description
In supportutils, before version 3.1-5.7.1 and if pacemaker is installed on the system, an unprivileged user could have overwritten arbitrary files in the directory that is used by supportutils to collect the log files.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
31< 3.1-5.7.1+ 1 more
- (no CPE)range: < 3.1-5.7.1
- (no CPE)range: unspecified
- osv-coords29 versionspkg:rpm/opensuse/supportutils&distro=openSUSE%20Tumbleweedpkg:rpm/suse/hostinfo&distro=SUSE%20Enterprise%20Storage%204pkg:rpm/suse/hostinfo&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSSpkg:rpm/suse/hostinfo&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/hostinfo&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSSpkg:rpm/suse/hostinfo&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/hostinfo&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4pkg:rpm/suse/hostinfo&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSSpkg:rpm/suse/hostinfo&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/hostinfo&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/hostinfo&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/hostinfo&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/supportutils&distro=SUSE%20Enterprise%20Storage%204pkg:rpm/suse/supportutils&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3pkg:rpm/suse/supportutils&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4pkg:rpm/suse/supportutils&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015pkg:rpm/suse/supportutils&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3pkg:rpm/suse/supportutils&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4pkg:rpm/suse/supportutils&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSSpkg:rpm/suse/supportutils&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/supportutils&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSSpkg:rpm/suse/supportutils&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/supportutils&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4pkg:rpm/suse/supportutils&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSSpkg:rpm/suse/supportutils&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4pkg:rpm/suse/supportutils&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/supportutils&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/supportutils&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/supportutils&distro=SUSE%20OpenStack%20Cloud%207
< 3.1.17-2.2+ 28 more
- (no CPE)range: < 3.1.17-2.2
- (no CPE)range: < 1.0.1-19.5.1
- (no CPE)range: < 1.0.1-19.5.1
- (no CPE)range: < 1.0.1-19.5.1
- (no CPE)range: < 1.0.1-19.5.1
- (no CPE)range: < 1.0.1-19.5.1
- (no CPE)range: < 1.0.1-19.5.1
- (no CPE)range: < 1.0.1-19.5.1
- (no CPE)range: < 1.0.1-19.5.1
- (no CPE)range: < 1.0.1-19.5.1
- (no CPE)range: < 1.0.1-19.5.1
- (no CPE)range: < 1.0.1-19.5.1
- (no CPE)range: < 3.0-95.21.1
- (no CPE)range: < 3.0-95.21.1
- (no CPE)range: < 3.0-95.21.1
- (no CPE)range: < 3.1-5.7.1
- (no CPE)range: < 1.20-122.9.1
- (no CPE)range: < 1.20-122.9.1
- (no CPE)range: < 3.0-95.21.1
- (no CPE)range: < 3.0-95.21.1
- (no CPE)range: < 3.0-95.21.1
- (no CPE)range: < 3.0-95.21.1
- (no CPE)range: < 3.0-95.21.1
- (no CPE)range: < 3.0-95.21.1
- (no CPE)range: < 1.20-122.9.1
- (no CPE)range: < 3.0-95.21.1
- (no CPE)range: < 3.0-95.21.1
- (no CPE)range: < 3.0-95.21.1
- (no CPE)range: < 3.0-95.21.1
Patches
Vulnerability mechanics
References
2- lists.opensuse.org/opensuse-security-announce/2019-05/msg00018.htmlmitrevendor-advisoryx_refsource_SUSE
- bugzilla.suse.com/show_bug.cgimitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.