Vulnerabilities > CVE-2019-3691 - Unspecified vulnerability in Opensuse Munge

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

opensuse

nessus

NVD

Published: 2020-01-23

Updated: 2024-11-21

Summary

A Symbolic Link (Symlink) Following vulnerability in the packaging of munge in SUSE Linux Enterprise Server 15; openSUSE Factory allowed local attackers to escalate privileges from user munge to root. This issue affects: SUSE Linux Enterprise Server 15 munge versions prior to 0.5.13-4.3.1. openSUSE Factory munge versions prior to 0.5.13-6.1.

Vulnerable Configurations

Part	Description	Count
Application	Opensuse Opensuse Munge - Opensuse Munge 0.0 Opensuse Munge 0.1 Opensuse Munge 0.2 Opensuse Munge 0.3 Opensuse Munge 0.4 Opensuse Munge 0.4.1 Opensuse Munge 0.4.2 Opensuse Munge 0.4.3 Opensuse Munge 0.5 Opensuse Munge 0.5.1 Opensuse Munge 0.5.2 Opensuse Munge 0.5.3 Opensuse Munge 0.5.4 Opensuse Munge 0.5.5 Opensuse Munge 0.5.6 Opensuse Munge 0.5.7 Opensuse Munge 0.5.8 Opensuse Munge 0.5.9 Opensuse Munge 0.5.10 Opensuse Munge 0.5.11 Opensuse Munge 0.5.12 Opensuse Munge 0.5.13 Opensuse Munge 0.5.13-4.3.1 Opensuse Factory -	25
OS	Suse Suse Suse Linux Enterprise Server 15	1

Nessus

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2019-3190-1.NASL
description	This update for munge fixes the following issues : Security issue fixed : CVE-2019-3691: Fixed a Local privilege escalation vulnerability which allowed escalation from munge to root (bsc#1155075). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	131759
published	2019-12-06
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/131759
title	SUSE SLED15 / SLES15 Security Update : munge (SUSE-SU-2019:3190-1)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2019:3190-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(131759); script_version("1.4"); script_cvs_date("Date: 2020/02/03"); script_cve_id("CVE-2019-3691"); script_name(english:"SUSE SLED15 / SLES15 Security Update : munge (SUSE-SU-2019:3190-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update for munge fixes the following issues : Security issue fixed : CVE-2019-3691: Fixed a Local privilege escalation vulnerability which allowed escalation from munge to root (bsc#1155075). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1155075" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-3691/" ); # https://www.suse.com/support/update/announcement/2019/suse-su-20193190-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?7604e1d4" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1:zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-3190=1 SUSE Linux Enterprise Module for HPC 15-SP1:zypper in -t patch SUSE-SLE-Module-HPC-15-SP1-2019-3190=1 SUSE Linux Enterprise Module for HPC 15:zypper in -t patch SUSE-SLE-Module-HPC-15-2019-3190=1" ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-3691"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libmunge2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libmunge2-32bit-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libmunge2-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:munge"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:munge-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:munge-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:munge-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15"); script_set_attribute(attribute:"vuln_publication_date", value:"2020/01/23"); script_set_attribute(attribute:"patch_publication_date", value:"2019/12/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/06"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release !~ "^(SLED\|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S\|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLED15\|SLES15)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED15 / SLES15", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES15" && (! preg(pattern:"^(0\|1)$", string:sp))) audit(AUDIT_OS_NOT, "SLES15 SP0/1", os_ver + " SP" + sp); if (os_ver == "SLED15" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLED15 SP1", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"libmunge2-32bit-0.5.13-4.3.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"libmunge2-32bit-debuginfo-0.5.13-4.3.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"munge-devel-32bit-0.5.13-4.3.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"libmunge2-0.5.13-4.3.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"libmunge2-debuginfo-0.5.13-4.3.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"munge-0.5.13-4.3.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"munge-debuginfo-0.5.13-4.3.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"munge-debugsource-0.5.13-4.3.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"munge-devel-0.5.13-4.3.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", cpu:"s390x", reference:"libmunge2-0.5.13-4.3.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", cpu:"s390x", reference:"libmunge2-debuginfo-0.5.13-4.3.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", cpu:"s390x", reference:"munge-0.5.13-4.3.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", cpu:"s390x", reference:"munge-debuginfo-0.5.13-4.3.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", cpu:"s390x", reference:"munge-devel-0.5.13-4.3.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"munge-debugsource-0.5.13-4.3.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"libmunge2-0.5.13-4.3.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"libmunge2-debuginfo-0.5.13-4.3.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"munge-0.5.13-4.3.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"munge-debuginfo-0.5.13-4.3.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"munge-debugsource-0.5.13-4.3.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"munge-devel-0.5.13-4.3.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"libmunge2-32bit-0.5.13-4.3.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"libmunge2-32bit-debuginfo-0.5.13-4.3.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"munge-devel-32bit-0.5.13-4.3.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", cpu:"s390x", reference:"libmunge2-0.5.13-4.3.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", cpu:"s390x", reference:"libmunge2-debuginfo-0.5.13-4.3.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", cpu:"s390x", reference:"munge-0.5.13-4.3.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", cpu:"s390x", reference:"munge-debuginfo-0.5.13-4.3.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", cpu:"s390x", reference:"munge-devel-0.5.13-4.3.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"munge-debugsource-0.5.13-4.3.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "munge"); }

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2020-1144-1.NASL
description	This update for munge to 0.5.14 fixes the following issues : Security issue fixed : CVE-2019-3691: Fixed a local privilege escalation during update (bsc#1155075) Non-security issue fixed : Add Provides for
last seen	2020-05-06
modified	2020-04-30
plugin id	136167
published	2020-04-30
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/136167
title	SUSE SLES12 Security Update : munge (SUSE-SU-2020:1144-1)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2020:1144-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(136167); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/04"); script_cve_id("CVE-2019-3691"); script_name(english:"SUSE SLES12 Security Update : munge (SUSE-SU-2020:1144-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update for munge to 0.5.14 fixes the following issues : Security issue fixed : CVE-2019-3691: Fixed a local privilege escalation during update (bsc#1155075) Non-security issue fixed : Add Provides for 'munge-libs' to package libmunge (bsc#1160075). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1155075" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1160075" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-3691/" ); # https://www.suse.com/support/update/announcement/2020/suse-su-20201144-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?89760de1" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Module for HPC 12 : zypper in -t patch SUSE-SLE-Module-HPC-12-2020-1144=1" ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libmunge2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libmunge2-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:munge"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:munge-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:munge-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:munge-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12"); script_set_attribute(attribute:"vuln_publication_date", value:"2020/01/23"); script_set_attribute(attribute:"patch_publication_date", value:"2020/04/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/30"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release !~ "^(SLED\|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S\|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); if (cpu >!< "x86_64") audit(AUDIT_ARCH_NOT, "x86_64", cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"libmunge2-0.5.14-3.6.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"libmunge2-debuginfo-0.5.14-3.6.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"munge-0.5.14-3.6.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"munge-debuginfo-0.5.14-3.6.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"munge-debugsource-0.5.14-3.6.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"munge-devel-0.5.14-3.6.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "munge"); }

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2019-2670.NASL
description	This update for munge fixes the following issues : Security issue fixed: - CVE-2019-3691: Fixed a Local privilege escalation vulnerability which allowed escalation from munge to root (bsc#1155075). This update was imported from the SUSE:SLE-15:Update update project.
last seen	2020-06-01
modified	2020-06-02
plugin id	131995
published	2019-12-12
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/131995
title	openSUSE Security Update : munge (openSUSE-2019-2670)

Summary

Vulnerable Configurations

Nessus

References