Description
The nfs-utils package in SUSE Linux Enterprise Server 12 before and including version 1.3.0-34.18.1 and in SUSE Linux Enterprise Server 15 before and including version 2.1.1-6.10.2 the directory /var/lib/nfs is owned by statd:nogroup. This directory contains files owned and managed by root. If statd is compromised, it can therefore trick processes running with root privileges into creating/overwriting files anywhere on the system.
CVSS breakdown
CVSS 3.1
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
Low
Affected products
- SUSE / SUSE Linux Enterprise Server 12before and including version 1.3.0-34.18.1 – before and including version 1.3.0-34.18.1
- SUSE / SUSE Linux Enterprise Server 15before and including version 2.1.1-6.10.2 – before and including version 2.1.1-6.10.2
References
- MISChttps://bugzilla.suse.com/show_bug.cgi?id=1150733
- MAILING_LISThttps://lists.debian.org/debian-lts-announce/2019/10/msg00026.html
- MAILING_LISThttp://lists.opensuse.org/opensuse-security-announce/2019-10/msg00071.html
- MAILING_LISThttp://lists.opensuse.org/opensuse-security-announce/2019-11/msg00006.html
- MISChttps://git.linux-nfs.org/?p=steved/nfs-utils.git%3Ba=commitdiff%3Bh=fee2cc29e888f2ced6a76990923aef19d326dc0e
- VENDOR_ADVISORYhttps://usn.ubuntu.com/4400-1/