CVE-2019-3693 : Security Advisory and Response
Learn about CVE-2019-3693, a vulnerability in SUSE Linux Enterprise Server and openSUSE Leap allowing local attackers to escalate privileges from 'wwwrun' to 'root' user. Find mitigation steps and impact details here.
A vulnerability was discovered in the way mailman was packaged in SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Server 12, and openSUSE Leap 15.1, allowing local attackers to escalate their privileges from the 'wwwrun' user to the 'root' user and modify arbitrary files to the 'mailman' group.
Understanding CVE-2019-3693
This CVE involves a local privilege escalation vulnerability in the packaging of mailman in specific versions of SUSE Linux Enterprise Server and openSUSE Leap.
What is CVE-2019-3693?
CVE-2019-3693 is a symlink following vulnerability in the mailman packaging of SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Server 12, and openSUSE Leap 15.1. It enables local attackers to elevate their privileges from the 'wwwrun' user to the 'root' user and potentially modify files within the 'mailman' group.
The Impact of CVE-2019-3693
- CVSS Base Score: 7.7 (High)
- Severity: High
- Attack Vector: Local
- Confidentiality Impact: High
- Integrity Impact: High
- Privileges Required: None
- Scope: Unchanged
- User Interaction: None
- Attack Complexity: Low
- Availability Impact: None
Technical Details of CVE-2019-3693
This section provides detailed technical information about the vulnerability.
Vulnerability Description
The vulnerability allows local attackers to escalate privileges from the 'wwwrun' user to the 'root' user and modify files within the 'mailman' group.
Affected Systems and Versions
- SUSE Linux Enterprise Server 11: mailman versions earlier than 2.1.15-9.6.15.1
- SUSE Linux Enterprise Server 12: mailman versions earlier than 2.1.17-3.11.1
- openSUSE Leap 15.1: mailman version 2.1.29-lp151.2.14 and earlier
Exploitation Mechanism
The vulnerability allows local attackers to exploit symlink following issues in the mailman packaging, leading to privilege escalation and unauthorized file modifications.
Mitigation and Prevention
To address CVE-2019-3693, follow these mitigation strategies:
Immediate Steps to Take
- Update mailman to the patched versions provided by the respective vendors.
- Monitor system logs for any suspicious activities related to privilege escalation.
Long-Term Security Practices
- Implement the principle of least privilege to restrict user permissions.
- Regularly audit and review file permissions and ownership within the system.
Patching and Updates
- Apply security patches and updates for mailman as soon as they are released by the vendors.