trousers: Local privilege escalation from tss to root
CVE-2019-18898
7.7HIGH
Key Information:
- Vendor
Suse
- Vendor
- CVE Published:
- 23 January 2020
What is CVE-2019-18898?
UNIX Symbolic Link (Symlink) Following vulnerability in the trousers package of SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allowed local attackers escalate privileges from user tss to root. This issue affects: SUSE Linux Enterprise Server 15 SP1 trousers versions prior to 0.3.14-6.3.1. openSUSE Factory trousers versions prior to 0.3.14-7.1.
Affected Version(s)
Factory trousers < 0.3.14-7.1
SUSE Linux Enterprise Server 15 SP1 trousers < 0.3.14-6.3.1