CVE-2019-3695 : What You Need to Know

CVE-2019-3695 is a vulnerability in the packaging of pcp in various versions of SUSE Linux Enterprise and openSUSE Leap that allows local privilege escalation from user pcp to root. This page covers the impact, affected systems, and mitigation steps.

Understanding CVE-2019-3695

This CVE is an Improper Control of Generation of Code (code injection) vulnerability in the packaging of pcp across multiple SUSE Linux Enterprise and openSUSE Leap versions.

What is CVE-2019-3695?

CVE-2019-3695 is a security flaw that enables a user with the username "pcp" to execute code as the root user by placing it into the file /var/log/pcp/configs.sh.

The Impact of CVE-2019-3695

The vulnerability has a CVSS base score of 8.4, indicating a high severity issue with significant impacts on confidentiality, integrity, and availability.

Technical Details of CVE-2019-3695

This section provides detailed technical information about the vulnerability.

Vulnerability Description

The vulnerability allows the user pcp to run code as root by placing it into /var/log/pcp/configs.sh.

Affected Systems and Versions

        SUSE Linux Enterprise High Performance Computing 15-ESPOS: pcp versions prior to 3.11.9-5.8.1
        SUSE Linux Enterprise High Performance Computing 15-LTSS: pcp versions prior to 3.11.9-5.8.1
        SUSE Linux Enterprise Module for Development Tools 15: pcp versions prior to 3.11.9-5.8.1
        SUSE Linux Enterprise Module for Development Tools 15-SP1: pcp versions prior to 4.3.1-3.5.3
        SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: pcp versions prior to 3.11.9-5.8.1
        SUSE Linux Enterprise Server 15-LTSS: pcp versions prior to 3.11.9-5.8.1
        SUSE Linux Enterprise Server for SAP 15: pcp versions prior to 3.11.9-5.8.1
        SUSE Linux Enterprise Software Development Kit 12-SP4: pcp versions prior to 3.11.9-6.14.1
        SUSE Linux Enterprise Software Development Kit 12-SP5: pcp versions prior to 3.11.9-6.14.1
        openSUSE Leap 15.1: pcp versions prior to 4.3.1-lp151.2.3.1

Exploitation Mechanism

The vulnerability allows the user pcp to escalate privileges to root by manipulating the /var/log/pcp/configs.sh file.
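
The condition described above, a file that root runs being writable by a non-root account, can be audited directly. The script below is an added example, not code from SUSE or the pcp project, and it does not tell you whether the installed pcp package is patched. The function names and the TRUSTED_UID parameter are assumptions made for illustration, and GNU stat is required.

```shell
#!/bin/sh
# Added example: report whether a file that root executes or sources can be
# modified by an unprivileged account. Assumes GNU stat (coreutils).

# unsafe_reason PATH [TRUSTED_UID]
# Prints the reason and returns 1 if PATH is unsafe; returns 0 otherwise.
# TRUSTED_UID defaults to 0 (root). It is a parameter only so the check can be
# exercised on test files without being root.
unsafe_reason() {
    path=$1
    trusted=${2:-0}
    [ -e "$path" ] || return 0            # nothing on disk to audit
    set -- $(stat -c '%u %a' "$path")     # owner uid, octal mode
    owner=$1 mode=$2
    if [ "$owner" != "$trusted" ]; then
        echo "$path: owned by uid $owner, expected uid $trusted"
        return 1
    fi
    # Octal bits 020 and 002 are group-write and world-write.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "$path: mode $mode is group- or world-writable"
        return 1
    fi
    return 0
}

# audit_root_sourced FILE [TRUSTED_UID]
# Checks FILE and its parent directory. Whoever can write to the directory can
# create or replace FILE even when FILE itself is root-owned, so a missing
# FILE in an untrusted directory is still a finding. Ancestors above the
# parent are not walked here.
audit_root_sourced() {
    file=$1 trusted=${2:-0} rc=0
    unsafe_reason "$file" "$trusted" || rc=1
    unsafe_reason "$(dirname "$file")" "$trusted" || rc=1
    return $rc
}

# The path named in the advisory; prints findings only if the path exists.
audit_root_sourced /var/log/pcp/configs.sh ||
    echo "finding: a non-root account can change what root would run"
```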

Mitigation and Prevention

To address CVE-2019-3695, follow these steps:

Immediate Steps to Take

        Update pcp to the patched versions provided by the respective vendors.
        Monitor system logs for any suspicious activities related to the pcp package.

Long-Term Security Practices

        Implement the principle of least privilege to restrict user capabilities.
        Regularly review and update access controls to prevent unauthorized actions.

Patching and Updates

        Apply the security patches released by SUSE and openSUSE to fix the vulnerability in the affected versions.
