Vulnerabilities > CVE-2019-18899
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
NONE Integrity impact
HIGH Availability impact
NONE Summary
The apt-cacher-ng package of openSUSE Leap 15.1 runs operations in user owned directory /run/apt-cacher-ng with root privileges. This can allow local attackers to influence the outcome of these operations. This issue affects: openSUSE Leap 15.1 apt-cacher-ng versions prior to 3.1-lp151.3.3.1.
Vulnerable Configurations
Nessus
NASL family | SuSE Local Security Checks |
NASL id | OPENSUSE-2020-124.NASL |
description | This update for apt-cacher-ng fixes the following issues : - CVE-2019-18899: Fixed a symlink attack which could allow to overwrite arbitrary data (boo#1157703). - CVE-2020-5202: Fixed an information leak if a local user won a race condition to listen to localhost:3142 (boo#1157706). |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 133345 |
published | 2020-01-30 |
reporter | This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/133345 |
title | openSUSE Security Update : apt-cacher-ng (openSUSE-2020-124) |
References
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00057.html
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00057.html
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00065.html
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00065.html
- https://bugzilla.suse.com/show_bug.cgi?id=1157703
- https://bugzilla.suse.com/show_bug.cgi?id=1157703