CVE-2019-3696
pcp: Local privilege escalation from user pcp to root through migrate_tempdirs
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
A Improper Limitation of a Pathname to a Restricted Directory vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Development Tools 15-SP1, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows local user pcp to overwrite arbitrary files with arbitrary content. This issue affects: SUSE Linux Enterprise High Performance Computing 15-ESPOS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise High Performance Computing 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15-SP1 pcp versions prior to 4.3.1-3.5.3. SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Server 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Server for SAP 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Software Development Kit 12-SP4 pcp versions prior to 3.11.9-6.14.1. SUSE Linux Enterprise Software Development Kit 12-SP5 pcp versions prior to 3.11.9-6.14.1. openSUSE Leap 15.1 pcp versions prior to 4.3.1-lp151.2.3.1.
Una vulnerabilidad de LimitaciĆ³n Inapropiada de un Nombre de Ruta para un Directorio Restringido en el empaquetado de pcp de SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Development Tools 15-SP1, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1, permite a un usuario local pcp sobrescribir archivos arbitrarios con contenido arbitrario. Este problema afecta a: pcp de SUSE Linux Enterprise High Performance Computing 15-ESPOS versiones anteriores a 3.11.9-5.8.1. pcp de SUSE Linux Enterprise High Performance Computing 15-LTSS versiones anteriores a 3.11.9-5.8.1. pcp de SUSE Linux Enterprise Module for Development Tools 15 versiones anteriores a 3.11.9-5.8.1. pcp de SUSE Linux Enterprise Module for Development Tools 15-SP1 versiones anteriores a 4.3.1-3.5.3. pcp de SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 versiones anteriores a 3.11.9-5.8.1. pcp de SUSE Linux Enterprise Server 15-LTSS versiones anteriores a 3.11.9-5.8.1. pcp de SUSE Linux Enterprise Server para SAP 15 versiones anteriores a 3.11.9-5.8.1. pcp de SUSE Linux Enterprise Software Development Kit 12-SP4 versiones anteriores a 3.11.9-6.14.1. pcp de SUSE Linux Enterprise Software Development Kit 12-SP5 versiones anteriores a 3.11.9-6.14.1. pcp de openSUSE Leap 15.1 versiones anteriores a 4.3.1-lp151.2.3.1.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-01-03 CVE Reserved
- 2020-03-03 CVE Published
- 2023-03-08 EPSS Updated
- 2024-09-16 CVE Updated
- 2024-09-16 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (3)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://bugzilla.suse.com/show_bug.cgi?id=1153921 | 2024-09-16 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2019-3696 | 2020-09-29 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1811707 | 2020-09-29 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Opensuse Search vendor "Opensuse" | Pcp Search vendor "Opensuse" for product "Pcp" | < 3.11.9-5.8.1 Search vendor "Opensuse" for product "Pcp" and version " < 3.11.9-5.8.1" | - |
Affected
| in | Suse Search vendor "Suse" | Linux Enterprise High Performance Computing Search vendor "Suse" for product "Linux Enterprise High Performance Computing" | 15.0 Search vendor "Suse" for product "Linux Enterprise High Performance Computing" and version "15.0" | espos |
Safe
|
| Opensuse Search vendor "Opensuse" | Pcp Search vendor "Opensuse" for product "Pcp" | < 3.11.9-5.8.1 Search vendor "Opensuse" for product "Pcp" and version " < 3.11.9-5.8.1" | - |
Affected
| in | Suse Search vendor "Suse" | Linux Enterprise High Performance Computing Search vendor "Suse" for product "Linux Enterprise High Performance Computing" | 15.0 Search vendor "Suse" for product "Linux Enterprise High Performance Computing" and version "15.0" | ltss |
Safe
|
| Opensuse Search vendor "Opensuse" | Pcp Search vendor "Opensuse" for product "Pcp" | < 3.11.9-5.8.1 Search vendor "Opensuse" for product "Pcp" and version " < 3.11.9-5.8.1" | - |
Affected
| in | Suse Search vendor "Suse" | Linux Enterprise Server Search vendor "Suse" for product "Linux Enterprise Server" | 15 Search vendor "Suse" for product "Linux Enterprise Server" and version "15" | - |
Safe
|
| Opensuse Search vendor "Opensuse" | Pcp Search vendor "Opensuse" for product "Pcp" | < 3.11.9-5.8.1 Search vendor "Opensuse" for product "Pcp" and version " < 3.11.9-5.8.1" | - |
Affected
| in | Suse Search vendor "Suse" | Linux Enterprise Server Search vendor "Suse" for product "Linux Enterprise Server" | 15 Search vendor "Suse" for product "Linux Enterprise Server" and version "15" | ltss |
Safe
|
| Opensuse Search vendor "Opensuse" | Pcp Search vendor "Opensuse" for product "Pcp" | < 3.11.9-5.8.1 Search vendor "Opensuse" for product "Pcp" and version " < 3.11.9-5.8.1" | - |
Affected
| in | Suse Search vendor "Suse" | Linux Enterprise Server Search vendor "Suse" for product "Linux Enterprise Server" | 15 Search vendor "Suse" for product "Linux Enterprise Server" and version "15" | sap |
Safe
|
| Opensuse Search vendor "Opensuse" | Pcp Search vendor "Opensuse" for product "Pcp" | < 4.3.1-3.5.3 Search vendor "Opensuse" for product "Pcp" and version " < 4.3.1-3.5.3" | - |
Affected
| in | Suse Search vendor "Suse" | Linux Enterprise Server Search vendor "Suse" for product "Linux Enterprise Server" | 15 Search vendor "Suse" for product "Linux Enterprise Server" and version "15" | sp1 |
Safe
|
| Opensuse Search vendor "Opensuse" | Pcp Search vendor "Opensuse" for product "Pcp" | < 3.11.9-6.14.1 Search vendor "Opensuse" for product "Pcp" and version " < 3.11.9-6.14.1" | - |
Affected
| in | Suse Search vendor "Suse" | Linux Enterprise Software Development Kit Search vendor "Suse" for product "Linux Enterprise Software Development Kit" | 12 Search vendor "Suse" for product "Linux Enterprise Software Development Kit" and version "12" | sp4 |
Safe
|
| Opensuse Search vendor "Opensuse" | Pcp Search vendor "Opensuse" for product "Pcp" | < 3.11.9-6.14.1 Search vendor "Opensuse" for product "Pcp" and version " < 3.11.9-6.14.1" | - |
Affected
| in | Suse Search vendor "Suse" | Linux Enterprise Software Development Kit Search vendor "Suse" for product "Linux Enterprise Software Development Kit" | 12 Search vendor "Suse" for product "Linux Enterprise Software Development Kit" and version "12" | sp5 |
Safe
|
| Opensuse Search vendor "Opensuse" | Pcp Search vendor "Opensuse" for product "Pcp" | < 4.3.1-lp151.2.3.1 Search vendor "Opensuse" for product "Pcp" and version " < 4.3.1-lp151.2.3.1" | - |
Affected
| in | Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 15.1 Search vendor "Opensuse" for product "Leap" and version "15.1" | - |
Safe
|