SUSE Leap 15.1 Improper Privilege Management Vulnerability

Summary

Fixed a symlink attack which could allow to overwrite arbitrary data (boo#1157703).

Credit:

The information has been provided by Vendor

The original article can be found at:http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00057.html


Details

The apt-cacher-ng package of openSUSE Leap 15.1 runs operations in user owned directory /run/apt-cacher-ng with root privileges. This can allow local attackers to influence the outcome of these operations. This issue affects: openSUSE Leap 15.1 apt-cacher-ng versions prior to 3.1-lp151.3.3.1.

 

Vulnerable Systems:

SUSE Leap 15.1

 

CVE Information:

CVE-2019-18899

 

Disclosure Timeline:
Published Date:1/23/2020

Categories: News