// For flags

CVE-2019-3695

pcp: Local privilege escalation from user pcp to root

Severity Score

7.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A Improper Control of Generation of Code vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Development Tools 15-SP1, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows the user pcp to run code as root by placing it into /var/log/pcp/configs.sh This issue affects: SUSE Linux Enterprise High Performance Computing 15-ESPOS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise High Performance Computing 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15-SP1 pcp versions prior to 4.3.1-3.5.3. SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Server 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Server for SAP 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Software Development Kit 12-SP4 pcp versions prior to 3.11.9-6.14.1. SUSE Linux Enterprise Software Development Kit 12-SP5 pcp versions prior to 3.11.9-6.14.1. openSUSE Leap 15.1 pcp versions prior to 4.3.1-lp151.2.3.1.

Una vulnerabilidad de Control Inapropiado de la Generación de Código en el empaquetado pcp de SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Development Tools 15-SP1, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5, openSUSE Leap 15.1, permite a un usuario pcp ejecutar código como root al colocarlo en el archivo /var/log/pcp/configs.sh. Este problema afecta: a pcp de SUSE Linux Enterprise High Performance Computing 15-ESPOS versiones anteriores a 3.11.9-5.8.1. pcp de SUSE Linux Enterprise High Performance Computing 15-LTSS versiones anteriores a 3.11.9-5.8.1. pcp de SUSE Linux Enterprise Module for Development Tools 15 versiones anteriores a 4.3.1-3.5.3. pcp de SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 versiones anteriores a 3.11.9-5.8.1. pcp de SUSE Linux Enterprise Server 15-LTSS versiones anteriores a 3.11.9-5.8.1. pcp de SUSE Linux Enterprise Server para SAP de 15 versiones anteriores a 3.11.9-5.8.1. pcp de SUSE Linux Enterprise Software Development Kit 12-SP4 versiones anteriores a 3.11.9-6.14.1. pcp de SUSE Linux Enterprise Software Development Kit 12-SP5 versiones anteriores a 3.11.9-6.14.1. pcp de openSUSE Leap 15.1 versiones anteriores a 4.3.1-lp151.2.3.1.

*Credits: Johannes Segitz
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2019-01-03 CVE Reserved
  • 2020-03-03 CVE Published
  • 2023-07-07 EPSS Updated
  • 2024-09-16 CVE Updated
  • 2024-09-16 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-94: Improper Control of Generation of Code ('Code Injection')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Opensuse
Search vendor "Opensuse"
Pcp
Search vendor "Opensuse" for product "Pcp"
< 3.11.9-5.8.1
Search vendor "Opensuse" for product "Pcp" and version " < 3.11.9-5.8.1"
-
Affected
in Suse
Search vendor "Suse"
Linux Enterprise High Performance Computing
Search vendor "Suse" for product "Linux Enterprise High Performance Computing"
15.0
Search vendor "Suse" for product "Linux Enterprise High Performance Computing" and version "15.0"
espos
Safe
Opensuse
Search vendor "Opensuse"
Pcp
Search vendor "Opensuse" for product "Pcp"
< 3.11.9-5.8.1
Search vendor "Opensuse" for product "Pcp" and version " < 3.11.9-5.8.1"
-
Affected
in Suse
Search vendor "Suse"
Linux Enterprise High Performance Computing
Search vendor "Suse" for product "Linux Enterprise High Performance Computing"
15.0
Search vendor "Suse" for product "Linux Enterprise High Performance Computing" and version "15.0"
ltss
Safe
Opensuse
Search vendor "Opensuse"
Pcp
Search vendor "Opensuse" for product "Pcp"
< 3.11.9-5.8.1
Search vendor "Opensuse" for product "Pcp" and version " < 3.11.9-5.8.1"
-
Affected
in Suse
Search vendor "Suse"
Linux Enterprise Server
Search vendor "Suse" for product "Linux Enterprise Server"
15
Search vendor "Suse" for product "Linux Enterprise Server" and version "15"
-
Safe
Opensuse
Search vendor "Opensuse"
Pcp
Search vendor "Opensuse" for product "Pcp"
< 3.11.9-5.8.1
Search vendor "Opensuse" for product "Pcp" and version " < 3.11.9-5.8.1"
-
Affected
in Suse
Search vendor "Suse"
Linux Enterprise Server
Search vendor "Suse" for product "Linux Enterprise Server"
15
Search vendor "Suse" for product "Linux Enterprise Server" and version "15"
ltss
Safe
Opensuse
Search vendor "Opensuse"
Pcp
Search vendor "Opensuse" for product "Pcp"
< 3.11.9-5.8.1
Search vendor "Opensuse" for product "Pcp" and version " < 3.11.9-5.8.1"
-
Affected
in Suse
Search vendor "Suse"
Linux Enterprise Server
Search vendor "Suse" for product "Linux Enterprise Server"
15
Search vendor "Suse" for product "Linux Enterprise Server" and version "15"
sap
Safe
Opensuse
Search vendor "Opensuse"
Pcp
Search vendor "Opensuse" for product "Pcp"
< 4.3.1-3.5.3
Search vendor "Opensuse" for product "Pcp" and version " < 4.3.1-3.5.3"
-
Affected
in Suse
Search vendor "Suse"
Linux Enterprise Server
Search vendor "Suse" for product "Linux Enterprise Server"
15
Search vendor "Suse" for product "Linux Enterprise Server" and version "15"
sp1
Safe
Opensuse
Search vendor "Opensuse"
Pcp
Search vendor "Opensuse" for product "Pcp"
< 3.11.9-6.14.1
Search vendor "Opensuse" for product "Pcp" and version " < 3.11.9-6.14.1"
-
Affected
in Suse
Search vendor "Suse"
Linux Enterprise Software Development Kit
Search vendor "Suse" for product "Linux Enterprise Software Development Kit"
12
Search vendor "Suse" for product "Linux Enterprise Software Development Kit" and version "12"
sp4
Safe
Opensuse
Search vendor "Opensuse"
Pcp
Search vendor "Opensuse" for product "Pcp"
< 3.11.9-6.14.1
Search vendor "Opensuse" for product "Pcp" and version " < 3.11.9-6.14.1"
-
Affected
in Suse
Search vendor "Suse"
Linux Enterprise Software Development Kit
Search vendor "Suse" for product "Linux Enterprise Software Development Kit"
12
Search vendor "Suse" for product "Linux Enterprise Software Development Kit" and version "12"
sp5
Safe
Opensuse
Search vendor "Opensuse"
Pcp
Search vendor "Opensuse" for product "Pcp"
< 4.3.1-lp151.2.3.1
Search vendor "Opensuse" for product "Pcp" and version " < 4.3.1-lp151.2.3.1"
-
Affected
in Opensuse
Search vendor "Opensuse"
Leap
Search vendor "Opensuse" for product "Leap"
15.1
Search vendor "Opensuse" for product "Leap" and version "15.1"
-
Safe