// For flags

CVE-2019-3689

nfs-utils: root-owned files stored in insecure /var/lib/nfs directory

Severity Score

9.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The nfs-utils package in SUSE Linux Enterprise Server 12 before and including version 1.3.0-34.18.1 and in SUSE Linux Enterprise Server 15 before and including version 2.1.1-6.10.2 the directory /var/lib/nfs is owned by statd:nogroup. This directory contains files owned and managed by root. If statd is compromised, it can therefore trick processes running with root privileges into creating/overwriting files anywhere on the system.

El paquete nfs-utils en SUSE Linux Enterprise Server 12 en versiones anteriores e incluyendo la versión 1.3.0-34.18.1 y en SUSE Linux Enterprise Server 15 en versiones anteriores e incluyendo la versión 2.1.1-6.10.2, el directorio /var/lib/nfs es propiedad de statd:nogroup. Este directorio contiene archivos de propiedad y administrados por root. Si statd esta comprometido, puede engañar a los procesos que se ejecutan con privilegios de root para crear/sobrescribir archivos en cualquier parte del sistema si fs.protected_symlinks no está configurado.

*Credits: Malte Kraus of SUSE
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
Low
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2019-01-03 CVE Reserved
  • 2019-09-19 CVE Published
  • 2024-09-10 EPSS Updated
  • 2024-09-17 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-276: Incorrect Default Permissions
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Linux-nfs
Search vendor "Linux-nfs"
Nfs-utils
Search vendor "Linux-nfs" for product "Nfs-utils"
<= 1.3.0-34.18.1
Search vendor "Linux-nfs" for product "Nfs-utils" and version " <= 1.3.0-34.18.1"
-
Affected
in Suse
Search vendor "Suse"
Linux Enterprise Server
Search vendor "Suse" for product "Linux Enterprise Server"
12
Search vendor "Suse" for product "Linux Enterprise Server" and version "12"
-
Safe
Linux-nfs
Search vendor "Linux-nfs"
Nfs-utils
Search vendor "Linux-nfs" for product "Nfs-utils"
<= 2.1.1-6.10.2
Search vendor "Linux-nfs" for product "Nfs-utils" and version " <= 2.1.1-6.10.2"
-
Affected
in Suse
Search vendor "Suse"
Linux Enterprise Server
Search vendor "Suse" for product "Linux Enterprise Server"
15
Search vendor "Suse" for product "Linux Enterprise Server" and version "15"
-
Safe