Code execution if run with command line switch -v
CVE-2018-19640

4.4MEDIUM

Key Information:

Vendor: Suse
Status: Supportutils
Vendor: CVE Published:; 5 March 2019

Summary

If the attacker manages to create files in the directory used to collect log files in supportutils before version 3.1-5.7.1 (e.g. with CVE-2018-19638) he can kill arbitrary processes on the local machine.

Affected Version(s)

supportutils < 3.1-5.7.1

References

https://bugzilla.suse.com/show_bug.cgi?id=1118463

x_refsource_CONFIRM

http://lists.opensuse.org/opensuse-security-announce/2019...

vendor-advisoryx_refsource_SUSE

CVSS V3.1

Score:

4.4

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Mar 5, 2019
Vulnerability Reserved
Nov 28, 2018

Credit

Johannes Segitz of SUSE