Common Weakness Enumeration

CWE-276

Allowed

Incorrect Default Permissions

Abstraction: Base · Status: Draft

During installation, installed file permissions are set to allow anyone to modify those files.

2039 vulnerabilities reference this CWE, most recent first.

CVE-2020-1985 (GCVE-0-2020-1985)

Vulnerability from cvelistv5 – Published: 2020-04-08 18:41 – Updated: 2024-09-16 18:28
VLAI
Title
Secdo: Incorrect Default Permissions
Summary
Incorrect Default Permissions on C:\Programdata\Secdo\Logs folder in Secdo allows local authenticated users to overwrite system files and gain escalated privileges. This issue affects all versions Secdo for Windows.
CWE
  • CWE-276 - Incorrect Default Permissions
Assigner
References
Impacted products
Vendor Product Version
Secdo Secdo Affected: all versions
Create a notification for this product.
Date Public
2020-04-08 00:00
Credits
We like to thank Eviatar Gerzi of CyberArk Labs Team for discovering and reporting this issue.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T06:54:00.336Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security.paloaltonetworks.com/CVE-2020-1985"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "Windows"
          ],
          "product": "Secdo",
          "vendor": "Secdo",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "We like to thank Eviatar Gerzi of CyberArk Labs Team for discovering and reporting this issue."
        }
      ],
      "datePublic": "2020-04-08T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Incorrect Default Permissions on C:\\Programdata\\Secdo\\Logs folder in Secdo allows local authenticated users to overwrite system files and gain escalated privileges. This issue affects all versions Secdo for Windows."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "CWE-276 Incorrect Default Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-08T18:41:58.000Z",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2020-1985"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "This product is no longer supported and the issue will not be fixed. Change permission on C:\\Programdata\\Secdo\\Logs folder to not allow unprivileged users access."
        }
      ],
      "source": {
        "defect": [
          "PDV-1614"
        ],
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2020-04-08T00:00:00.000Z",
          "value": "Initial publication"
        }
      ],
      "title": "Secdo: Incorrect Default Permissions",
      "workarounds": [
        {
          "lang": "en",
          "value": "Change permission on C:\\Programdata\\Secdo\\Logs to not allow unprivileged users access."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@paloaltonetworks.com",
          "DATE_PUBLIC": "2020-04-08T16:00:00.000Z",
          "ID": "CVE-2020-1985",
          "STATE": "PUBLIC",
          "TITLE": "Secdo: Incorrect Default Permissions"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Secdo",
                      "version": {
                        "version_data": [
                          {
                            "platform": "Windows",
                            "version_affected": "=",
                            "version_value": "all versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Secdo"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "We like to thank Eviatar Gerzi of CyberArk Labs Team for discovering and reporting this issue."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Incorrect Default Permissions on C:\\Programdata\\Secdo\\Logs folder in Secdo allows local authenticated users to overwrite system files and gain escalated privileges. This issue affects all versions Secdo for Windows."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-276 Incorrect Default Permissions"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://security.paloaltonetworks.com/CVE-2020-1985",
              "refsource": "MISC",
              "url": "https://security.paloaltonetworks.com/CVE-2020-1985"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "This product is no longer supported and the issue will not be fixed. Change permission on C:\\Programdata\\Secdo\\Logs folder to not allow unprivileged users access."
          }
        ],
        "source": {
          "defect": [
            "PDV-1614"
          ],
          "discovery": "EXTERNAL"
        },
        "timeline": [
          {
            "lang": "en",
            "time": "2020-04-08T00:00:00.000Z",
            "value": "Initial publication"
          }
        ],
        "work_around": [
          {
            "lang": "en",
            "value": "Change permission on C:\\Programdata\\Secdo\\Logs to not allow unprivileged users access."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2020-1985",
    "datePublished": "2020-04-08T18:41:58.303Z",
    "dateReserved": "2019-12-04T00:00:00.000Z",
    "dateUpdated": "2024-09-16T18:28:43.796Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-18900 (GCVE-0-2019-18900)

Vulnerability from cvelistv5 – Published: 2020-01-24 15:15 – Updated: 2024-09-16 20:52
VLAI
Title
libzypp stores cookies world readable
Summary
: Incorrect Default Permissions vulnerability in libzypp of SUSE CaaS Platform 3.0, SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allowed local attackers to read a cookie store used by libzypp, exposing private cookies. This issue affects: SUSE CaaS Platform 3.0 libzypp versions prior to 16.21.2-27.68.1. SUSE Linux Enterprise Server 12 libzypp versions prior to 16.21.2-2.45.1. SUSE Linux Enterprise Server 15 17.19.0-3.34.1.
CWE
  • CWE-276 - Incorrect Default Permissions
Assigner
References
Impacted products
Vendor Product Version
SUSE CaaS Platform 3.0 Affected: libzypp , < 16.21.2-27.68.1 (custom)
Create a notification for this product.
SUSE SUSE Linux Enterprise Server 12 Affected: libzypp , < 16.21.2-2.45.1 (custom)
Create a notification for this product.
SUSE SUSE Linux Enterprise Server 15 Affected: libzypp 17.19.0-3.34.1
Create a notification for this product.
Date Public
2020-01-24 00:00
Credits
Matthias Gerstner of SUSE
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T02:02:39.846Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.suse.com/show_bug.cgi?id=1158763"
          },
          {
            "name": "openSUSE-SU-2020:0255",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00036.html"
          },
          {
            "name": "[debian-lts-announce] 20200304 [SECURITY] [DLA 2132-1] libzypp security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00005.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "CaaS Platform 3.0",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "16.21.2-27.68.1",
              "status": "affected",
              "version": "libzypp",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "SUSE Linux Enterprise Server 12",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "16.21.2-2.45.1",
              "status": "affected",
              "version": "libzypp",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "SUSE Linux Enterprise Server 15",
          "vendor": "SUSE",
          "versions": [
            {
              "status": "affected",
              "version": "libzypp 17.19.0-3.34.1"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Matthias Gerstner of SUSE"
        }
      ],
      "datePublic": "2020-01-24T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": ": Incorrect Default Permissions vulnerability in libzypp of SUSE CaaS Platform 3.0, SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allowed local attackers to read a cookie store used by libzypp, exposing private cookies. This issue affects: SUSE CaaS Platform 3.0 libzypp versions prior to 16.21.2-27.68.1. SUSE Linux Enterprise Server 12 libzypp versions prior to 16.21.2-2.45.1. SUSE Linux Enterprise Server 15 17.19.0-3.34.1."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "CWE-276: Incorrect Default Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-04T04:05:59.000Z",
        "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "shortName": "suse"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.suse.com/show_bug.cgi?id=1158763"
        },
        {
          "name": "openSUSE-SU-2020:0255",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00036.html"
        },
        {
          "name": "[debian-lts-announce] 20200304 [SECURITY] [DLA 2132-1] libzypp security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00005.html"
        }
      ],
      "source": {
        "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1158763",
        "defect": [
          "1158763"
        ],
        "discovery": "INTERNAL"
      },
      "title": "libzypp stores cookies world readable",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@suse.com",
          "DATE_PUBLIC": "2020-01-24T00:00:00.000Z",
          "ID": "CVE-2019-18900",
          "STATE": "PUBLIC",
          "TITLE": "libzypp stores cookies world readable"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "CaaS Platform 3.0",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "libzypp",
                            "version_value": "16.21.2-27.68.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SUSE Linux Enterprise Server 12",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "libzypp",
                            "version_value": "16.21.2-2.45.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SUSE Linux Enterprise Server 15",
                      "version": {
                        "version_data": [
                          {
                            "version_name": "libzypp",
                            "version_value": "17.19.0-3.34.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "SUSE"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Matthias Gerstner of SUSE"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": ": Incorrect Default Permissions vulnerability in libzypp of SUSE CaaS Platform 3.0, SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allowed local attackers to read a cookie store used by libzypp, exposing private cookies. This issue affects: SUSE CaaS Platform 3.0 libzypp versions prior to 16.21.2-27.68.1. SUSE Linux Enterprise Server 12 libzypp versions prior to 16.21.2-2.45.1. SUSE Linux Enterprise Server 15 17.19.0-3.34.1."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-276: Incorrect Default Permissions"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.suse.com/show_bug.cgi?id=1158763",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1158763"
            },
            {
              "name": "openSUSE-SU-2020:0255",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00036.html"
            },
            {
              "name": "[debian-lts-announce] 20200304 [SECURITY] [DLA 2132-1] libzypp security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00005.html"
            }
          ]
        },
        "source": {
          "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1158763",
          "defect": [
            "1158763"
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
    "assignerShortName": "suse",
    "cveId": "CVE-2019-18900",
    "datePublished": "2020-01-24T15:15:15.806Z",
    "dateReserved": "2019-11-12T00:00:00.000Z",
    "dateUpdated": "2024-09-16T20:52:26.745Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-17103 (GCVE-0-2019-17103)

Vulnerability from cvelistv5 – Published: 2020-01-27 14:10 – Updated: 2024-09-16 19:09
VLAI
Title
Get-task-allow entitlement via BDLDaemon on macOS
Summary
An Incorrect Default Permissions vulnerability in the BDLDaemon component of Bitdefender AV for Mac allows an attacker to elevate permissions to read protected directories. This issue affects: Bitdefender AV for Mac versions prior to 8.0.0.
CWE
  • CWE-276 - Incorrect Default Permissions
Assigner
References
Impacted products
Vendor Product Version
Bitdefender Bitdefender AV for Mac Affected: unspecified , < 8.0.0 (custom)
Create a notification for this product.
Date Public
2019-12-30 00:00
Credits
Bugcrowd user Bohops
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T01:33:17.329Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.bitdefender.com/support/security-advisories/get-task-allow-entitlement-via-bdldaemon-macos-va-3448/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Bitdefender AV for Mac",
          "vendor": "Bitdefender",
          "versions": [
            {
              "lessThan": "8.0.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Bugcrowd user Bohops"
        }
      ],
      "datePublic": "2019-12-30T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "An Incorrect Default Permissions vulnerability in the BDLDaemon component of Bitdefender AV for Mac allows an attacker to elevate permissions to read protected directories. This issue affects: Bitdefender AV for Mac versions prior to 8.0.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "CWE-276 Incorrect Default Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-27T14:10:17.000Z",
        "orgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
        "shortName": "Bitdefender"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.bitdefender.com/support/security-advisories/get-task-allow-entitlement-via-bdldaemon-macos-va-3448/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Update Bitdefender AV for Mac to version 8.0.0 or higher."
        }
      ],
      "source": {
        "advisory": "VA-3448",
        "defect": [
          "VA-3448"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Get-task-allow entitlement via BDLDaemon on macOS",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve-requests@bitdefender.com",
          "DATE_PUBLIC": "2019-12-30T10:00:00.000Z",
          "ID": "CVE-2019-17103",
          "STATE": "PUBLIC",
          "TITLE": "Get-task-allow entitlement via BDLDaemon on macOS"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Bitdefender AV for Mac",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.0.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Bitdefender"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Bugcrowd user Bohops"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An Incorrect Default Permissions vulnerability in the BDLDaemon component of Bitdefender AV for Mac allows an attacker to elevate permissions to read protected directories. This issue affects: Bitdefender AV for Mac versions prior to 8.0.0."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-276 Incorrect Default Permissions"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.bitdefender.com/support/security-advisories/get-task-allow-entitlement-via-bdldaemon-macos-va-3448/",
              "refsource": "MISC",
              "url": "https://www.bitdefender.com/support/security-advisories/get-task-allow-entitlement-via-bdldaemon-macos-va-3448/"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Update Bitdefender AV for Mac to version 8.0.0 or higher."
          }
        ],
        "source": {
          "advisory": "VA-3448",
          "defect": [
            "VA-3448"
          ],
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
    "assignerShortName": "Bitdefender",
    "cveId": "CVE-2019-17103",
    "datePublished": "2020-01-27T14:10:17.721Z",
    "dateReserved": "2019-10-02T00:00:00.000Z",
    "dateUpdated": "2024-09-16T19:09:06.678Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-14861 (GCVE-0-2019-14861)

Vulnerability from cvelistv5 – Published: 2019-12-10 22:19 – Updated: 2024-08-05 00:26
VLAI
Summary
All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the (poorly named) dnsserver RPC pipe provides administrative facilities to modify DNS records and zones. Samba, when acting as an AD DC, stores DNS records in LDAP. In AD, the default permissions on the DNS partition allow creation of new records by authenticated users. This is used for example to allow machines to self-register in DNS. If a DNS record was created that case-insensitively matched the name of the zone, the ldb_qsort() and dns_name_compare() routines could be confused into reading memory prior to the list of DNS entries when responding to DnssrvEnumRecords() or DnssrvEnumRecords2() and so following invalid memory as a pointer.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
Red Hat samba Affected: all versions 4.11.x before 4.11.3
Affected: all versions 4.10.x before 4.10.11
Affected: all versions 4.x.x before 4.9.17
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2019-14861",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-25T15:36:30.362174Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-25T15:37:11.263Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T00:26:39.136Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-4217-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4217-1/"
          },
          {
            "name": "USN-4217-2",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4217-2/"
          },
          {
            "name": "FEDORA-2019-be98a08835",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PJH3ROOFYMOATD2UEPC47P5RPBDTY77E/"
          },
          {
            "name": "openSUSE-SU-2019:2700",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00038.html"
          },
          {
            "name": "FEDORA-2019-11dddb785b",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNKA4YIPV7AZR7KK3GW6L3HKGHSGJZFE/"
          },
          {
            "name": "GLSA-202003-52",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202003-52"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14861"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20191210-0002/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.samba.org/samba/security/CVE-2019-14861.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.synology.com/security/advisory/Synology_SA_19_40"
          },
          {
            "name": "[debian-lts-announce] 20210529 [SECURITY] [DLA 2668-1] samba security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html"
          },
          {
            "name": "[oss-security] 20240625 Re: Out-of-bounds read \u0026 write in the glibc\u0027s qsort()",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/06/24/3"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "samba",
          "vendor": "Red Hat",
          "versions": [
            {
              "status": "affected",
              "version": "all versions 4.11.x before 4.11.3"
            },
            {
              "status": "affected",
              "version": "all versions 4.10.x before 4.10.11"
            },
            {
              "status": "affected",
              "version": "all versions 4.x.x before 4.9.17"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the (poorly named) dnsserver RPC pipe provides administrative facilities to modify DNS records and zones. Samba, when acting as an AD DC, stores DNS records in LDAP. In AD, the default permissions on the DNS partition allow creation of new records by authenticated users. This is used for example to allow machines to self-register in DNS. If a DNS record was created that case-insensitively matched the name of the zone, the ldb_qsort() and dns_name_compare() routines could be confused into reading memory prior to the list of DNS entries when responding to DnssrvEnumRecords() or DnssrvEnumRecords2() and so following invalid memory as a pointer."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "CWE-276",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-25T01:05:54.054Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "USN-4217-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://usn.ubuntu.com/4217-1/"
        },
        {
          "name": "USN-4217-2",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://usn.ubuntu.com/4217-2/"
        },
        {
          "name": "FEDORA-2019-be98a08835",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PJH3ROOFYMOATD2UEPC47P5RPBDTY77E/"
        },
        {
          "name": "openSUSE-SU-2019:2700",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00038.html"
        },
        {
          "name": "FEDORA-2019-11dddb785b",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNKA4YIPV7AZR7KK3GW6L3HKGHSGJZFE/"
        },
        {
          "name": "GLSA-202003-52",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202003-52"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14861"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20191210-0002/"
        },
        {
          "url": "https://www.samba.org/samba/security/CVE-2019-14861.html"
        },
        {
          "url": "https://www.synology.com/security/advisory/Synology_SA_19_40"
        },
        {
          "name": "[debian-lts-announce] 20210529 [SECURITY] [DLA 2668-1] samba security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html"
        },
        {
          "name": "[oss-security] 20240625 Re: Out-of-bounds read \u0026 write in the glibc\u0027s qsort()",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2024/06/24/3"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2019-14861",
    "datePublished": "2019-12-10T22:19:05.000Z",
    "dateReserved": "2019-08-10T00:00:00.000Z",
    "dateUpdated": "2024-08-05T00:26:39.136Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-3870 (GCVE-0-2019-3870)

Vulnerability from cvelistv5 – Published: 2019-04-09 15:17 – Updated: 2024-08-04 19:19
VLAI
Summary
A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700, that is owner (root) only access. However in some upgraded installations it will have other permissions, such as 0755, because this was the default before Samba 4.8. Within this directory, files are created with mode 0666, which is world-writable, including a sample krb5.conf, and the list of DNS names and servicePrincipalName values to update.
CWE
Assigner
Impacted products
Vendor Product Version
The Samba Project samba Affected: 4.9.6
Affected: 4.10.2
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:19:18.603Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "FEDORA-2019-cacf88eabf",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JTJVFA3RZ6G2IZDTVKLHRMX6QBYA4GPA/"
          },
          {
            "name": "FEDORA-2019-db21b5f1d2",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6354GALK73CZWQKFUG7AWB6EIEGFMF62/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.samba.org/samba/security/CVE-2019-3870.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.samba.org/show_bug.cgi?id=13834"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3870"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.synology.com/security/advisory/Synology_SA_19_15"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K20804356"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "samba",
          "vendor": "The Samba Project",
          "versions": [
            {
              "status": "affected",
              "version": "4.9.6"
            },
            {
              "status": "affected",
              "version": "4.10.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700, that is owner (root) only access. However in some upgraded installations it will have other permissions, such as 0755, because this was the default before Samba 4.8. Within this directory, files are created with mode 0666, which is world-writable, including a sample krb5.conf, and the list of DNS names and servicePrincipalName values to update."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "CWE-276",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-12-04T18:00:59.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "FEDORA-2019-cacf88eabf",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JTJVFA3RZ6G2IZDTVKLHRMX6QBYA4GPA/"
        },
        {
          "name": "FEDORA-2019-db21b5f1d2",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6354GALK73CZWQKFUG7AWB6EIEGFMF62/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.samba.org/samba/security/CVE-2019-3870.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.samba.org/show_bug.cgi?id=13834"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3870"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.synology.com/security/advisory/Synology_SA_19_15"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.f5.com/csp/article/K20804356"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2019-3870",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "samba",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "4.9.6"
                          },
                          {
                            "version_value": "4.10.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "The Samba Project"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700, that is owner (root) only access. However in some upgraded installations it will have other permissions, such as 0755, because this was the default before Samba 4.8. Within this directory, files are created with mode 0666, which is world-writable, including a sample krb5.conf, and the list of DNS names and servicePrincipalName values to update."
            }
          ]
        },
        "impact": {
          "cvss": [
            [
              {
                "vectorString": "6.1/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
                "version": "3.0"
              }
            ]
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-276"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "FEDORA-2019-cacf88eabf",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JTJVFA3RZ6G2IZDTVKLHRMX6QBYA4GPA/"
            },
            {
              "name": "FEDORA-2019-db21b5f1d2",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6354GALK73CZWQKFUG7AWB6EIEGFMF62/"
            },
            {
              "name": "https://www.samba.org/samba/security/CVE-2019-3870.html",
              "refsource": "MISC",
              "url": "https://www.samba.org/samba/security/CVE-2019-3870.html"
            },
            {
              "name": "https://bugzilla.samba.org/show_bug.cgi?id=13834",
              "refsource": "MISC",
              "url": "https://bugzilla.samba.org/show_bug.cgi?id=13834"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3870",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3870"
            },
            {
              "name": "https://www.synology.com/security/advisory/Synology_SA_19_15",
              "refsource": "CONFIRM",
              "url": "https://www.synology.com/security/advisory/Synology_SA_19_15"
            },
            {
              "name": "https://support.f5.com/csp/article/K20804356",
              "refsource": "CONFIRM",
              "url": "https://support.f5.com/csp/article/K20804356"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2019-3870",
    "datePublished": "2019-04-09T15:17:43.000Z",
    "dateReserved": "2019-01-03T00:00:00.000Z",
    "dateUpdated": "2024-08-04T19:19:18.603Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-3689 (GCVE-0-2019-3689)

Vulnerability from cvelistv5 – Published: 2019-09-19 13:27 – Updated: 2024-09-17 04:14
VLAI
Title
nfs-utils: root-owned files stored in insecure /var/lib/nfs directory
Summary
The nfs-utils package in SUSE Linux Enterprise Server 12 before and including version 1.3.0-34.18.1 and in SUSE Linux Enterprise Server 15 before and including version 2.1.1-6.10.2 the directory /var/lib/nfs is owned by statd:nogroup. This directory contains files owned and managed by root. If statd is compromised, it can therefore trick processes running with root privileges into creating/overwriting files anywhere on the system.
CWE
  • CWE-276 - Incorrect Default Permissions
Assigner
References
Impacted products
Vendor Product Version
SUSE SUSE Linux Enterprise Server 12 Affected: before and including version 1.3.0-34.18.1
Create a notification for this product.
SUSE SUSE Linux Enterprise Server 15 Affected: before and including version 2.1.1-6.10.2
Create a notification for this product.
Date Public
2019-09-17 00:00
Credits
Malte Kraus of SUSE
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:19:17.496Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.suse.com/show_bug.cgi?id=1150733"
          },
          {
            "name": "[debian-lts-announce] 20191019 [SECURITY] [DLA 1965-1] nfs-utils security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00026.html"
          },
          {
            "name": "openSUSE-SU-2019:2408",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00071.html"
          },
          {
            "name": "openSUSE-SU-2019:2435",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00006.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.linux-nfs.org/?p=steved/nfs-utils.git%3Ba=commitdiff%3Bh=fee2cc29e888f2ced6a76990923aef19d326dc0e"
          },
          {
            "name": "USN-4400-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4400-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SUSE Linux Enterprise Server 12",
          "vendor": "SUSE",
          "versions": [
            {
              "status": "affected",
              "version": "before and including version 1.3.0-34.18.1"
            }
          ]
        },
        {
          "product": "SUSE Linux Enterprise Server 15",
          "vendor": "SUSE",
          "versions": [
            {
              "status": "affected",
              "version": "before and including version 2.1.1-6.10.2"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Malte Kraus of SUSE"
        }
      ],
      "datePublic": "2019-09-17T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The nfs-utils package in SUSE Linux Enterprise Server 12 before and including version 1.3.0-34.18.1 and in SUSE Linux Enterprise Server 15 before and including version 2.1.1-6.10.2 the directory /var/lib/nfs is owned by statd:nogroup. This directory contains files owned and managed by root. If statd is compromised, it can therefore trick processes running with root privileges into creating/overwriting files anywhere on the system."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "CWE-276 Incorrect Default Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-02T16:06:23.000Z",
        "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "shortName": "suse"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.suse.com/show_bug.cgi?id=1150733"
        },
        {
          "name": "[debian-lts-announce] 20191019 [SECURITY] [DLA 1965-1] nfs-utils security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00026.html"
        },
        {
          "name": "openSUSE-SU-2019:2408",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00071.html"
        },
        {
          "name": "openSUSE-SU-2019:2435",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00006.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.linux-nfs.org/?p=steved/nfs-utils.git%3Ba=commitdiff%3Bh=fee2cc29e888f2ced6a76990923aef19d326dc0e"
        },
        {
          "name": "USN-4400-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4400-1/"
        }
      ],
      "source": {
        "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1150733",
        "defect": [
          "1150733"
        ],
        "discovery": "INTERNAL"
      },
      "title": "nfs-utils: root-owned files stored in insecure /var/lib/nfs directory",
      "x_generator": {
        "engine": "Vulnogram 0.0.8"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@suse.com",
          "DATE_PUBLIC": "2019-09-17T00:00:00.000Z",
          "ID": "CVE-2019-3689",
          "STATE": "PUBLIC",
          "TITLE": "nfs-utils: root-owned files stored in insecure /var/lib/nfs directory"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SUSE Linux Enterprise Server 12",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "before and including version 1.3.0-34.18.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SUSE Linux Enterprise Server 15",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "before and including version 2.1.1-6.10.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "SUSE"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Malte Kraus of SUSE"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The nfs-utils package in SUSE Linux Enterprise Server 12 before and including version 1.3.0-34.18.1 and in SUSE Linux Enterprise Server 15 before and including version 2.1.1-6.10.2 the directory /var/lib/nfs is owned by statd:nogroup. This directory contains files owned and managed by root. If statd is compromised, it can therefore trick processes running with root privileges into creating/overwriting files anywhere on the system."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.8"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-276 Incorrect Default Permissions"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.suse.com/show_bug.cgi?id=1150733",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1150733"
            },
            {
              "name": "[debian-lts-announce] 20191019 [SECURITY] [DLA 1965-1] nfs-utils security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00026.html"
            },
            {
              "name": "openSUSE-SU-2019:2408",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00071.html"
            },
            {
              "name": "openSUSE-SU-2019:2435",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00006.html"
            },
            {
              "name": "https://git.linux-nfs.org/?p=steved/nfs-utils.git;a=commitdiff;h=fee2cc29e888f2ced6a76990923aef19d326dc0e",
              "refsource": "MISC",
              "url": "https://git.linux-nfs.org/?p=steved/nfs-utils.git;a=commitdiff;h=fee2cc29e888f2ced6a76990923aef19d326dc0e"
            },
            {
              "name": "USN-4400-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4400-1/"
            }
          ]
        },
        "source": {
          "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1150733",
          "defect": [
            "1150733"
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
    "assignerShortName": "suse",
    "cveId": "CVE-2019-3689",
    "datePublished": "2019-09-19T13:27:58.449Z",
    "dateReserved": "2019-01-03T00:00:00.000Z",
    "dateUpdated": "2024-09-17T04:14:20.947Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-3688 (GCVE-0-2019-3688)

Vulnerability from cvelistv5 – Published: 2019-10-07 14:00 – Updated: 2024-09-16 23:01
VLAI
Title
squid: /usr/sbin/pinger packaged with wrong permission
Summary
The /usr/sbin/pinger binary packaged with squid in SUSE Linux Enterprise Server 15 before and including version 4.8-5.8.1 and in SUSE Linux Enterprise Server 12 before and including 3.5.21-26.17.1 had squid:root, 0750 permissions. This allowed an attacker that compromissed the squid user to gain persistence by changing the binary
CWE
  • CWE-276 - Incorrect Default Permissions
Assigner
References
Impacted products
Vendor Product Version
SUSE SUSE Linux Enterprise Server 15 Affected: squid , ≤ 4.8-5.8.1 (custom)
Create a notification for this product.
SUSE SUSE Linux Enterprise Server 12 Affected: squid , ≤ 3.5.21-26.17.1 (custom)
Create a notification for this product.
Date Public
2018-05-15 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:19:16.840Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.suse.com/show_bug.cgi?id=1093414"
          },
          {
            "name": "openSUSE-SU-2019:2540",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html"
          },
          {
            "name": "openSUSE-SU-2019:2541",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html"
          },
          {
            "name": "openSUSE-SU-2019:2672",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00024.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SUSE Linux Enterprise Server 15",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThanOrEqual": "4.8-5.8.1",
              "status": "affected",
              "version": "squid",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "SUSE Linux Enterprise Server 12",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThanOrEqual": "3.5.21-26.17.1",
              "status": "affected",
              "version": "squid",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2018-05-15T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The /usr/sbin/pinger binary packaged with squid in SUSE Linux Enterprise Server 15 before and including version 4.8-5.8.1 and in SUSE Linux Enterprise Server 12 before and including 3.5.21-26.17.1 had squid:root, 0750 permissions. This allowed an attacker that compromissed the squid user to gain persistence by changing the binary"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "CWE-276 Incorrect Default Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-12-11T15:06:12.000Z",
        "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "shortName": "suse"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.suse.com/show_bug.cgi?id=1093414"
        },
        {
          "name": "openSUSE-SU-2019:2540",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html"
        },
        {
          "name": "openSUSE-SU-2019:2541",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html"
        },
        {
          "name": "openSUSE-SU-2019:2672",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00024.html"
        }
      ],
      "source": {
        "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1093414",
        "defect": [
          "1093414"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "squid: /usr/sbin/pinger packaged with wrong permission",
      "x_generator": {
        "engine": "Vulnogram 0.0.8"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@suse.com",
          "DATE_PUBLIC": "2018-05-15T00:00:00.000Z",
          "ID": "CVE-2019-3688",
          "STATE": "PUBLIC",
          "TITLE": "squid: /usr/sbin/pinger packaged with wrong permission"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SUSE Linux Enterprise Server 15",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "squid",
                            "version_value": "4.8-5.8.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SUSE Linux Enterprise Server 12",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "squid",
                            "version_value": "3.5.21-26.17.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "SUSE"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The /usr/sbin/pinger binary packaged with squid in SUSE Linux Enterprise Server 15 before and including version 4.8-5.8.1 and in SUSE Linux Enterprise Server 12 before and including 3.5.21-26.17.1 had squid:root, 0750 permissions. This allowed an attacker that compromissed the squid user to gain persistence by changing the binary"
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.8"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-276 Incorrect Default Permissions"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.suse.com/show_bug.cgi?id=1093414",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1093414"
            },
            {
              "name": "openSUSE-SU-2019:2540",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html"
            },
            {
              "name": "openSUSE-SU-2019:2541",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html"
            },
            {
              "name": "openSUSE-SU-2019:2672",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00024.html"
            }
          ]
        },
        "source": {
          "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1093414",
          "defect": [
            "1093414"
          ],
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
    "assignerShortName": "suse",
    "cveId": "CVE-2019-3688",
    "datePublished": "2019-10-07T14:00:39.441Z",
    "dateReserved": "2019-01-03T00:00:00.000Z",
    "dateUpdated": "2024-09-16T23:01:09.236Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-3687 (GCVE-0-2019-3687)

Vulnerability from cvelistv5 – Published: 2020-01-24 08:25 – Updated: 2024-09-16 20:16
VLAI
Title
"easy" permission profile allows everyone execute dumpcap and read all network traffic
Summary
The permission package in SUSE Linux Enterprise Server allowed all local users to run dumpcap in the "easy" permission profile and sniff network traffic. This issue affects: SUSE Linux Enterprise Server permissions versions starting from 85c83fef7e017f8ab7f8602d3163786d57344439 to 081d081dcfaf61710bda34bc21c80c66276119aa.
CWE
  • CWE-276 - Incorrect Default Permissions
Assigner
References
Impacted products
Vendor Product Version
SUSE SUSE Linux Enterprise Server Affected: permissions , < 081d081dcfaf61710bda34bc21c80c66276119aa (custom)
Create a notification for this product.
Date Public
2019-08-30 00:00
Credits
Malte Kraus of SUSE
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:19:16.823Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.suse.com/show_bug.cgi?id=1148788"
          },
          {
            "name": "openSUSE-SU-2020:0302",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00010.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SUSE Linux Enterprise Server",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "081d081dcfaf61710bda34bc21c80c66276119aa",
              "status": "affected",
              "version": "permissions",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Malte Kraus of SUSE"
        }
      ],
      "datePublic": "2019-08-30T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The permission package in SUSE Linux Enterprise Server allowed all local users to run dumpcap in the \"easy\" permission profile and sniff network traffic. This issue affects: SUSE Linux Enterprise Server permissions versions starting from 85c83fef7e017f8ab7f8602d3163786d57344439 to 081d081dcfaf61710bda34bc21c80c66276119aa."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "CWE-276: Incorrect Default Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-05T00:06:01.000Z",
        "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "shortName": "suse"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.suse.com/show_bug.cgi?id=1148788"
        },
        {
          "name": "openSUSE-SU-2020:0302",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00010.html"
        }
      ],
      "source": {
        "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1148788",
        "defect": [
          "1148788"
        ],
        "discovery": "INTERNAL"
      },
      "title": "\"easy\" permission profile allows everyone execute dumpcap and read all network traffic",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@suse.com",
          "DATE_PUBLIC": "2019-08-30T00:00:00.000Z",
          "ID": "CVE-2019-3687",
          "STATE": "PUBLIC",
          "TITLE": "\"easy\" permission profile allows everyone execute dumpcap and read all network traffic"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SUSE Linux Enterprise Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "permissions",
                            "version_value": "081d081dcfaf61710bda34bc21c80c66276119aa"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "SUSE"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Malte Kraus of SUSE"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The permission package in SUSE Linux Enterprise Server allowed all local users to run dumpcap in the \"easy\" permission profile and sniff network traffic. This issue affects: SUSE Linux Enterprise Server permissions versions starting from 85c83fef7e017f8ab7f8602d3163786d57344439 to 081d081dcfaf61710bda34bc21c80c66276119aa."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-276: Incorrect Default Permissions"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.suse.com/show_bug.cgi?id=1148788",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1148788"
            },
            {
              "name": "openSUSE-SU-2020:0302",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00010.html"
            }
          ]
        },
        "source": {
          "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1148788",
          "defect": [
            "1148788"
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
    "assignerShortName": "suse",
    "cveId": "CVE-2019-3687",
    "datePublished": "2020-01-24T08:25:14.454Z",
    "dateReserved": "2019-01-03T00:00:00.000Z",
    "dateUpdated": "2024-09-16T20:16:49.597Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-25359 (GCVE-0-2018-25359)

Vulnerability from cvelistv5 – Published: 2026-05-25 14:15 – Updated: 2026-05-26 13:19
VLAI
Title
Splinterware System Scheduler Pro 5.12 Privilege Escalation
Summary
Splinterware System Scheduler Pro 5.12 contains an insecure file permissions vulnerability that allows low-privilege users to escalate privileges by modifying service executable files. Attackers can rename the WService.exe file in the installation directory and replace it with a malicious executable that executes with LocalSystem privileges when the service is triggered.
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-276 - Incorrect Default Permissions
Assigner
Impacted products
Date Public
2018-07-21 00:00
Credits
bzyo
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2018-25359",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-26T13:19:26.618731Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-26T13:19:38.461Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Splinterware System Scheduler Pro",
          "vendor": "Splinterware",
          "versions": [
            {
              "status": "affected",
              "version": "5.12"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "bzyo"
        }
      ],
      "datePublic": "2018-07-21T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Splinterware System Scheduler Pro 5.12 contains an insecure file permissions vulnerability that allows low-privilege users to escalate privileges by modifying service executable files. Attackers can rename the WService.exe file in the installation directory and replace it with a malicious executable that executes with LocalSystem privileges when the service is triggered."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS"
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "Incorrect Default Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-25T14:15:06.897Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "name": "ExploitDB-45072",
          "tags": [
            "exploit"
          ],
          "url": "https://www.exploit-db.com/exploits/45072"
        },
        {
          "name": "Official Product Homepage",
          "tags": [
            "product"
          ],
          "url": "https://www.splinterware.com"
        },
        {
          "name": "VulnCheck Advisory: Splinterware System Scheduler Pro 5.12 Privilege Escalation",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/splinterware-system-scheduler-pro-privilege-escalation"
        }
      ],
      "title": "Splinterware System Scheduler Pro 5.12 Privilege Escalation",
      "x_generator": {
        "engine": "vulncheck"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2018-25359",
    "datePublished": "2026-05-25T14:15:06.897Z",
    "dateReserved": "2026-05-24T13:14:22.106Z",
    "dateUpdated": "2026-05-26T13:19:38.461Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2018-13287 (GCVE-0-2018-13287)

Vulnerability from cvelistv5 – Published: 2019-04-01 14:26 – Updated: 2024-09-16 20:17
VLAI
Summary
Incorrect default permissions vulnerability in synouser.conf in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to obtain sensitive information via the world readable configuration.
CWE
  • CWE-276 - Incorrect Default Permissions (CWE-276)
Assigner
References
Impacted products
Vendor Product Version
Synology Synology Router Manager (SRM) Affected: unspecified , < 1.1.7-6941-1 (custom)
Create a notification for this product.
Date Public
2019-03-31 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T09:00:34.595Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.synology.com/security/advisory/Synology_SA_18_34"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Synology Router Manager (SRM)",
          "vendor": "Synology",
          "versions": [
            {
              "lessThan": "1.1.7-6941-1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2019-03-31T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Incorrect default permissions vulnerability in synouser.conf in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to obtain sensitive information via the world readable configuration."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "Incorrect Default Permissions (CWE-276)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-04-01T14:26:58.000Z",
        "orgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
        "shortName": "synology"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.synology.com/security/advisory/Synology_SA_18_34"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@synology.com",
          "DATE_PUBLIC": "2019-03-31T00:00:00",
          "ID": "CVE-2018-13287",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Synology Router Manager (SRM)",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "1.1.7-6941-1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Synology"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Incorrect default permissions vulnerability in synouser.conf in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to obtain sensitive information via the world readable configuration."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Incorrect Default Permissions (CWE-276)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.synology.com/security/advisory/Synology_SA_18_34",
              "refsource": "CONFIRM",
              "url": "https://www.synology.com/security/advisory/Synology_SA_18_34"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
    "assignerShortName": "synology",
    "cveId": "CVE-2018-13287",
    "datePublished": "2019-04-01T14:26:58.147Z",
    "dateReserved": "2018-07-05T00:00:00.000Z",
    "dateUpdated": "2024-09-16T20:17:15.528Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation MIT-1
Architecture and Design Operation

The architecture needs to access and modification attributes for files to only those users who actually require those actions.

Mitigation MIT-46
Architecture and Design

Strategy: Separation of Privilege

  • Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
  • Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.
CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs

In applications, particularly web applications, access to functionality is mitigated by an authorization framework. This framework maps Access Control Lists (ACLs) to elements of the application's functionality; particularly URL's for web apps. In the case that the administrator failed to specify an ACL for a particular element, an attacker may be able to access it with impunity. An attacker with the ability to access functionality not properly constrained by ACLs can obtain sensitive information and possibly compromise the entire application. Such an attacker can access resources that must be available only to users at a higher privilege level, can access management sections of the application, or can run queries for data that they otherwise not supposed to.

CAPEC-127: Directory Indexing

An adversary crafts a request to a target that results in the target listing/indexing the content of a directory as output. One common method of triggering directory contents as output is to construct a request containing a path that terminates in a directory name rather than a file name since many applications are configured to provide a list of the directory's contents when such a request is received. An adversary can use this to explore the directory tree on a target as well as learn the names of files. This can often end up revealing test files, backup files, temporary files, hidden files, configuration files, user accounts, script contents, as well as naming conventions, all of which can be used by an attacker to mount additional attacks.

CAPEC-81: Web Server Logs Tampering

Web Logs Tampering attacks involve an attacker injecting, deleting or otherwise tampering with the contents of web logs typically for the purposes of masking other malicious behavior. Additionally, writing malicious data to log files may target jobs, filters, reports, and other agents that process the logs in an asynchronous attack pattern. This pattern of attack is similar to "Log Injection-Tampering-Forging" except that in this case, the attack is targeting the logs of the web server and not the application.