2 results (0.004 seconds)

CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1

A Incorrect Default Permissions vulnerability in the packaging of inn of SUSE Linux Enterprise Server 11-SP3; openSUSE Backports SLE-15-SP2, openSUSE Leap 15.2 allows local attackers to escalate their privileges from the news user to root. This issue affects: SUSE Linux Enterprise Server 11-SP3 inn version inn-2.4.2-170.21.3.1 and prior versions. openSUSE Backports SLE-15-SP2 inn versions prior to 2.6.2. openSUSE Leap 15.2 inn versions prior to 2.6.2. Una vulnerabilidad de Permisos por Defecto Incorrectos en el empaquetado de inn de SUSE Linux Enterprise Server versión11-SP3; openSUSE Backports versión SLE-15-SP2, openSUSE Leap versión 15.2 permite a atacantes locales escalar sus privilegios del usuario de noticias a root. Este problema afecta a: SUSE Linux Enterprise Server versión 11-SP3 versión inn-2.4.2-170.21.3.1 y versiones anteriores. openSUSE Backports SLE-15-SP2 versiones inn anteriores a 2.6.2. openSUSE Leap 15.2 versiones inn anteriores a 2.6.2 • https://bugzilla.suse.com/show_bug.cgi?id=1182321 • CWE-276: Incorrect Default Permissions •

CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 1

The packaging of inn on SUSE Linux Enterprise Server 11; openSUSE Factory, Leap 15.1 allows local attackers to escalate from user inn to root via symlink attacks. This issue affects: SUSE Linux Enterprise Server 11 inn version 2.4.2-170.21.3.1 and prior versions. openSUSE Factory inn version 2.6.2-2.2 and prior versions. openSUSE Leap 15.1 inn version 2.5.4-lp151.2.47 and prior versions. El empaquetado de inn en SUSE Linux Enterprise Server versión 11; openSUSE Factory, Leap versión 15.1, permite a atacantes locales escalar desde un usuario inn a root, mediante ataques de tipo symlink. Este problema afecta a: inn versión 2.4.2-170.21.3.1 y versiones anteriores, de SUSE Linux Enterprise Server versión 11. inn versión 2.6.2-2.2 y versiones anteriores, de openSUSE Factory . inn versión 2.5.4-lp151.2.47 y versiones anteriores de openSUSE Leap versión 15.1. • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00028.html https://bugzilla.suse.com/show_bug.cgi?id=1154302 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •