Code execution if run with command line switch -v
CVE-2018-19639

6.7MEDIUM

Key Information:

Vendor
Suse
Vendor
CVE Published:
5 March 2019

Summary

If supportutils before version 3.1-5.7.1 is run with -v to perform rpm verification and the attacker manages to manipulate the rpm listing (e.g. with CVE-2018-19638) he can execute arbitrary commands as root.

Affected Version(s)

supportutils < 3.1-5.7.1

References

CVSS V3.1

Score:
6.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Johannes Segitz of SUSE
.