CVE-2019-3689
nfs-utils: root-owned files stored in insecure /var/lib/nfs directory
In short
The nfs-utils package stores root-owned files in a directory controlled by a non-root user (statd), allowing a compromised statd process to trick the system into creating or overwriting files as root. This can lead to unauthorized system modification and privilege escalation.
Technical detail
CWE-276 vulnerability in nfs-utils where /var/lib/nfs directory is owned by statd:nogroup but contains root-owned files. An attacker who compromises the statd daemon can leverage directory permissions to conduct symlink attacks or race conditions, tricking root processes into creating or overwriting arbitrary files on the system.
Summary generated and translated by AI from the official description.
The nfs-utils package in SUSE Linux Enterprise Server 12 before and including version 1.3.0-34.18.1 and in SUSE Linux Enterprise Server 15 before and including version 2.1.1-6.10.2 the directory /var/lib/nfs is owned by statd:nogroup. This directory contains files owned and managed by root. If statd is compromised, it can therefore trick processes running with root privileges into creating/overwriting files anywhere on the system.
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00071.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-11/msg00006.htmlhttps://bugzilla.suse.com/show_bug.cgi?id=1150733https://git.linux-nfs.org/?p=steved/nfs-utils.git%3Ba=commitdiff%3Bh=fee2cc29e888f2ced6a76990923aef19d326dc0ehttps://lists.debian.org/debian-lts-announce/2019/10/msg00026.htmlhttps://usn.ubuntu.com/4400-1/