CVE-2019-18898
Attack vector | Attack complexity | Privileges required | Confidentiality impact | Integrity impact | Availability impact |
---|---|---|---|---|---|
LOCAL | LOW | LOW | HIGH | HIGH | HIGH |

Summary
A UNIX Symbolic Link (Symlink) Following vulnerability in the trousers package of SUSE Linux Enterprise Server 15 SP1 and openSUSE Factory allowed local attackers to escalate privileges from user tss to root. This issue affects: SUSE Linux Enterprise Server 15 SP1 trousers versions prior to 0.3.14-6.3.1; openSUSE Factory trousers versions prior to 0.3.14-7.1.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 2 |
OS | | 2 |
OS | | 1 |
Nessus
NASL family: SuSE Local Security Checks
NASL id: OPENSUSE-2020-15.NASL
description: This update for trousers fixes the following issues: CVE-2019-18898: Fixed a local symlink attack where a rogue tss user could have gained ownership of arbitrary files in the system during installation/update of the trousers package (bsc#1157651). This update was imported from the SUSE:SLE-15-SP1:Update update project.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 132906
published: 2020-01-15
reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/132906
title: openSUSE Security Update : trousers (openSUSE-2020-15)

NASL family: SuSE Local Security Checks
NASL id: OPENSUSE-2020-744.NASL
description: This update for trousers fixes the following issues: CVE-2019-18898: Fixed a local symlink attack where a rogue tss user could have gained ownership of arbitrary files in the system during installation/update of the trousers package (bsc#1157651). This update was imported from the SUSE:SLE-15-SP1:Update update project.
last seen: 2020-06-06
modified: 2020-06-01
plugin id: 136996
published: 2020-06-01
reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/136996
title: openSUSE Security Update : trousers (openSUSE-2020-744)

NASL family: SuSE Local Security Checks
NASL id: SUSE_SU-2019-3349-1.NASL
description: This update for trousers fixes the following issues: CVE-2019-18898: Fixed a local symlink attack where a rogue tss user could have gained ownership of arbitrary files in the system during installation/update of the trousers package (bsc#1157651). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 132338
published: 2019-12-20
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/132338
title: SUSE SLED15 / SLES15 Security Update : trousers (SUSE-SU-2019:3349-1)