CVE-2017-15638 - The SuSEfirewall2 package before 3.6.312-2.13.1 in SUSE Linux Enterprise (SLE) Desktop 12 SP2, Serve

CVE-2017-15638

Summary

The SuSEfirewall2 package before 3.6.312-2.13.1 in SUSE Linux Enterprise (SLE) Desktop 12 SP2, Server 12 SP2, and Server for Raspberry Pi 12 SP2; before 3.6.312.333-3.10.1 in SLE Desktop 12 SP3 and Server 12 SP3; before 3.6_SVNr208-2.18.3.1 in SLE Server 11 SP4; before 3.6.312-5.9.1 in openSUSE Leap 42.2; and before 3.6.312.333-7.1 in openSUSE Leap 42.3 might allow remote attackers to bypass intended access restrictions on the portmap service by leveraging a missing source net restriction for _rpc_ services.

References

http://lists.opensuse.org/opensuse-updates/2017-11/msg00014.html

Vulnerable Configurations

cpe:2.3:a:suse:susefirewall2:-:*:*:*:*:*:*:*
cpe:2.3:a:suse:susefirewall2:-:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:12:sp2:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:12:sp2:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:12:sp3:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:12:sp3:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:12:sp2:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:12:sp2:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:12:sp3:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:12:sp3:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server_for_raspberry_pi:12:sp2:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server_for_raspberry_pi:12:sp2:*:*:*:*:*:*

CVSS

Base:	6.4 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:N/A:P

refmap via4

suse

openSUSE-SU-2017:2940

Last major update

03-10-2019 - 00:03

Published

10-11-2017 - 02:29

Last modified

03-10-2019 - 00:03