2017.1359.5.1

CVSS 7.0 - HIGH

Attack vector

LOCAL

Attack complexity

HIGH

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

high complexity

opensuse

NVD

Published: 2020-04-02

Updated: 2024-11-21

Summary

A Race Condition Enabling Link Following vulnerability in the packaging of texlive-filesystem of SUSE Linux Enterprise Module for Desktop Applications 15-SP1, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows local users to corrupt files or potentially escalate privileges. This issue affects: SUSE Linux Enterprise Module for Desktop Applications 15-SP1 texlive-filesystem versions prior to 2017.135-9.5.1. SUSE Linux Enterprise Software Development Kit 12-SP4 texlive-filesystem versions prior to 2013.74-16.5.1. SUSE Linux Enterprise Software Development Kit 12-SP5 texlive-filesystem versions prior to 2013.74-16.5.1. openSUSE Leap 15.1 texlive-filesystem versions prior to 2017.135-lp151.8.3.1.

Vulnerable Configurations

Part	Description	Count
Application	Opensuse Opensuse Texlive Filesystem - Opensuse Texlive Filesystem 2013.74-16.5.1 Opensuse Texlive Filesystem 2017.135-9.5.1	3
OS	Suse Suse Linux Enterprise Desktop 15 Suse Linux Enterprise Software Development KIT 12	4
OS	Opensuse Opensuse Leap 15.1	1

Summary

Vulnerable Configurations

References