mysql-systemd-helper allows setting 640 permissions of arbitrary files
CVE-2019-18901

5.1MEDIUM

Key Information:

Vendor: Suse
Status: Suse Linux Enterprise Server 12; Suse Linux Enterprise Server 15
Vendor: CVE Published:; 2 March 2020

What is CVE-2019-18901?

A UNIX Symbolic Link (Symlink) Following vulnerability in the mysql-systemd-helper of the mariadb packaging of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allows local attackers to change the permissions of arbitrary files to 0640. This issue affects: SUSE Linux Enterprise Server 12 mariadb versions prior to 10.2.31-3.25.1. SUSE Linux Enterprise Server 15 mariadb versions prior to 10.2.31-3.26.1.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

SUSE Linux Enterprise Server 12 mariadb < 10.2.31-3.25.1

SUSE Linux Enterprise Server 15 mariadb < 10.2.31-3.26.1

References

http://lists.opensuse.org/opensuse-security-announce/2020...

vendor-advisoryx_refsource_SUSE

https://bugzilla.suse.com/show_bug.cgi?id=1160895

x_refsource_CONFIRM

CVSS V3.1

Score:

5.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 2, 2020
Vulnerability Reserved
Nov 12, 2019

Credit

Matthias Gerstner

JSON

Suse

What is CVE-2019-18901?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.