Static temporary filename allows overwriting of files
CVE-2018-19637

2.8LOW

Key Information:

Vendor: Suse
Status: Supportutils
Vendor: CVE Published:; 5 March 2019

What is CVE-2018-19637?

Supportutils, before version 3.1-5.7.1, wrote data to static file /tmp/supp_log, allowing local attackers to overwrite files on systems without symlink protection

Affected Version(s)

supportutils < 3.1-5.7.1

References

https://bugzilla.suse.com/show_bug.cgi?id=1117776

x_refsource_CONFIRM

http://lists.opensuse.org/opensuse-security-announce/2019...

vendor-advisoryx_refsource_SUSE

CVSS V3.1

Score:

2.8

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 5, 2019
Vulnerability Reserved
Nov 28, 2018

Credit

Vítězslav Čížek of SUSE