CVE-2019-3689 — Incorrect Default Permissions in Nfs-utils

CWE-276 — Incorrect Default Permissions9 documents8 sources

Severity

9.8CRITICALNVD

CNA5.1

EPSS

0.3%

top 43.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux-nfs Nfs-utils Suse Linux Enterprise Server 12 Suse Linux Enterprise Server 15

Timeline

PublishedSep 19

Latest updateMay 24

Description

The nfs-utils package in SUSE Linux Enterprise Server 12 before and including version 1.3.0-34.18.1 and in SUSE Linux Enterprise Server 15 before and including version 2.1.1-6.10.2 the directory /var/lib/nfs is owned by statd:nogroup. This directory contains files owned and managed by root. If statd is compromised, it can therefore trick processes running with root privileges into creating/overwriting files anywhere on the system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶CVEListV5suse/suse_linux_enterprise_server_12before and including version 1.3.0-34.18.1

▶CVEListV5suse/suse_linux_enterprise_server_15before and including version 2.1.1-6.10.2

▶NVDlinux-nfs/nfs-utils1.3.0-34.18.1+1

Patches

Patch: bugzilla.suse.com ↗Patch: bugzilla.suse.com ↗

🔴Vulnerability Details

GHSA

GHSA-qh2q-m44h-cfm8: The nfs-utils package in SUSE Linux Enterprise Server 12 before and including version 1↗2022-05-24

▶

CVEList

nfs-utils: root-owned files stored in insecure /var/lib/nfs directory↗2019-09-19

▶

OSV

CVE-2019-3689: The nfs-utils package in SUSE Linux Enterprise Server 12 before and including version 1↗2019-09-19

▶

📋Vendor Advisories

Ubuntu

nfs-utils vulnerability↗2020-06-22

▶

Red Hat

nfs-utils: root-owned files stored in insecure /var/lib/nfs↗2019-09-17

▶

Debian

CVE-2019-3689: nfs-utils - The nfs-utils package in SUSE Linux Enterprise Server 12 before and including ve...↗2019

▶

💬Community

Bugzilla

CVE-2019-3689 nfs-utils: root-owned files stored in insecure /var/lib/nfs [fedora-all]↗2020-06-23

▶

Bugzilla

CVE-2019-3689 nfs-utils: root-owned files stored in insecure /var/lib/nfs↗2020-06-23

▶