rpm package
suse/permissions&distro=SUSE Linux Enterprise Server 12 SP5
pkg:rpm/suse/permissions&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-31252 | — | < 20170707-6.10.1 | 20170707-6.10.1 | Oct 6, 2022 | A Incorrect Authorization vulnerability in chkstat of SUSE Linux Enterprise Server 12-SP5; openSUSE Leap 15.3, openSUSE Leap 15.4, openSUSE Leap Micro 5.2 did not consider group writable path components, allowing local attackers with access to a group what can write to a location | ||
| CVE-2020-8013 | — | < 20170707-3.21.1 | 20170707-3.21.1 | Mar 2, 2020 | A UNIX Symbolic Link (Symlink) Following vulnerability in chkstat of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 11 set permissions intended for specific binaries on other binaries because it erroneously followed symlinks. The sy | ||
| CVE-2019-3690 | — | < 20170707-3.14.1 | 20170707-3.14.1 | Dec 5, 2019 | The chkstat tool in the permissions package followed symlinks before commit a9e1d26cd49ef9ee0c2060c859321128a6dd4230 (please also check the additional hardenings after this fix). This allowed local attackers with control over a path that is traversed by chkstat to escalate privil | ||
| CVE-2019-3688 | — | < 20170707-3.14.1 | 20170707-3.14.1 | Oct 7, 2019 | The /usr/sbin/pinger binary packaged with squid in SUSE Linux Enterprise Server 15 before and including version 4.8-5.8.1 and in SUSE Linux Enterprise Server 12 before and including 3.5.21-26.17.1 had squid:root, 0750 permissions. This allowed an attacker that compromissed the sq |
- CVE-2022-31252Oct 6, 2022affected < 20170707-6.10.1fixed 20170707-6.10.1
A Incorrect Authorization vulnerability in chkstat of SUSE Linux Enterprise Server 12-SP5; openSUSE Leap 15.3, openSUSE Leap 15.4, openSUSE Leap Micro 5.2 did not consider group writable path components, allowing local attackers with access to a group what can write to a location
- CVE-2020-8013Mar 2, 2020affected < 20170707-3.21.1fixed 20170707-3.21.1
A UNIX Symbolic Link (Symlink) Following vulnerability in chkstat of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 11 set permissions intended for specific binaries on other binaries because it erroneously followed symlinks. The sy
- CVE-2019-3690Dec 5, 2019affected < 20170707-3.14.1fixed 20170707-3.14.1
The chkstat tool in the permissions package followed symlinks before commit a9e1d26cd49ef9ee0c2060c859321128a6dd4230 (please also check the additional hardenings after this fix). This allowed local attackers with control over a path that is traversed by chkstat to escalate privil
- CVE-2019-3688Oct 7, 2019affected < 20170707-3.14.1fixed 20170707-3.14.1
The /usr/sbin/pinger binary packaged with squid in SUSE Linux Enterprise Server 15 before and including version 4.8-5.8.1 and in SUSE Linux Enterprise Server 12 before and including 3.5.21-26.17.1 had squid:root, 0750 permissions. This allowed an attacker that compromissed the sq