Vulnerabilities > CVE-2019-18899

047910
CVSS 5.5 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
NONE
Integrity impact
HIGH
Availability impact
NONE
local
low complexity
apt-cacher-ng-project
opensuse
nessus

Summary

The apt-cacher-ng package of openSUSE Leap 15.1 runs operations in user owned directory /run/apt-cacher-ng with root privileges. This can allow local attackers to influence the outcome of these operations. This issue affects: openSUSE Leap 15.1 apt-cacher-ng versions prior to 3.1-lp151.3.3.1.

Vulnerable Configurations

Part Description Count
Application
Apt-Cacher-Ng_Project
65
OS
Opensuse
2

Nessus

NASL familySuSE Local Security Checks
NASL idOPENSUSE-2020-124.NASL
descriptionThis update for apt-cacher-ng fixes the following issues : - CVE-2019-18899: Fixed a symlink attack which could allow to overwrite arbitrary data (boo#1157703). - CVE-2020-5202: Fixed an information leak if a local user won a race condition to listen to localhost:3142 (boo#1157706).
last seen2020-06-01
modified2020-06-02
plugin id133345
published2020-01-30
reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/133345
titleopenSUSE Security Update : apt-cacher-ng (openSUSE-2020-124)