SuSE Linux Enterprise Server 15 /etc default permission

EntryeditHistoryDiffjsonxmlCTI

A vulnerability classified as critical was found in SuSE Linux Enterprise Server 15 (Operating System) (the affected version is unknown). This vulnerability affects some unknown functionality of the file /etc. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Field05/04/2020 05:10 PM10/15/2020 08:23 AM10/15/2020 08:31 AM
vendorSuSESuSESuSE
nameLinux Enterprise Server 15Linux Enterprise Server 15Linux Enterprise Server 15
file/etc/etc/etc
risk222
cvss2_vuldb_basescore6.66.66.6
cvss2_vuldb_tempscore6.66.66.6
cvss2_vuldb_avLLL
cvss2_vuldb_acMMM
cvss2_vuldb_auSSS
cvss2_vuldb_ciCCC
cvss2_vuldb_iiCCC
cvss2_vuldb_aiCCC
cvss3_meta_basescore8.18.18.1
cvss3_meta_tempscore8.18.18.1
cvss3_vuldb_basescore7.87.87.8
cvss3_vuldb_tempscore7.87.87.8
cvss3_vuldb_avLLL
cvss3_vuldb_acLLL
cvss3_vuldb_prLLL
cvss3_vuldb_uiNNN
cvss3_vuldb_sUUU
cvss3_vuldb_cHHH
cvss3_vuldb_iHHH
cvss3_vuldb_aHHH
date1588550400 (05/04/2020)1588550400 (05/04/2020)1588550400 (05/04/2020)
locationBugzillaBugzillaBugzilla
typeBug ReportBug ReportBug Report
urlhttps://bugzilla.suse.com/show_bug.cgi?id=1163813https://bugzilla.suse.com/show_bug.cgi?id=1163813https://bugzilla.suse.com/show_bug.cgi?id=1163813
identifierBug 1163813Bug 1163813Bug 1163813
price_0day$5k-$25k$5k-$25k$5k-$25k
cveCVE-2020-8018CVE-2020-8018CVE-2020-8018
cvss2_vuldb_eNDNDND
cvss2_vuldb_rlNDNDND
cvss2_vuldb_rcNDNDND
cvss3_vuldb_eXXX
cvss3_vuldb_rlXXX
cvss3_vuldb_rcXXX
cvss3_nvd_basescore8.48.48.4
typeOperating SystemOperating SystemOperating System
cwe276 (privilege escalation)276 (privilege escalation)276 (privilege escalation)
cvss3_nvd_avLLL
cvss3_nvd_acLLL
cvss3_nvd_prNNN
cvss3_nvd_uiNNN
cvss3_nvd_sUUU
cvss3_nvd_cHHH
cvss3_nvd_iHHH
cvss3_nvd_aHHH
cve_assigned158008320015800832001580083200
cve_nvd_summaryA Incorrect Default Permissions vulnerability in the SLES15-SP1-CHOST-BYOS and SLES15-SP1-CAP-Deployment-BYOS images of SUSE Linux Enterprise Server 15 SP1 allows local attackers with the UID 1000 to escalate to root due to a /etc directory owned by the user This issue affects: SUSE Linux Enterprise Server 15 SP1 SLES15-SP1-CAP-Deployment-BYOS version 1.0.1 and prior versions; SLES15-SP1-CHOST-BYOS versions prior to 1.0.3 and prior versions;A Incorrect Default Permissions vulnerability in the SLES15-SP1-CHOST-BYOS and SLES15-SP1-CAP-Deployment-BYOS images of SUSE Linux Enterprise Server 15 SP1 allows local attackers with the UID 1000 to escalate to root due to a /etc directory owned by the user This issue affects: SUSE Linux Enterprise Server 15 SP1 SLES15-SP1-CAP-Deployment-BYOS version 1.0.1 and prior versions; SLES15-SP1-CHOST-BYOS versions prior to 1.0.3 and prior versions;A Incorrect Default Permissions vulnerability in the SLES15-SP1-CHOST-BYOS and SLES15-SP1-CAP-Deployment-BYOS images of SUSE Linux Enterprise Server 15 SP1 allows local attackers with the UID 1000 to escalate to root due to a /etc directory owned by the user This issue affects: SUSE Linux Enterprise Server 15 SP1 SLES15-SP1-CAP-Deployment-BYOS version 1.0.1 and prior versions; SLES15-SP1-CHOST-BYOS versions prior to 1.0.3 and prior versions;
confirm_urlhttps://bugzilla.suse.com/show_bug.cgi?id=1163813https://bugzilla.suse.com/show_bug.cgi?id=1163813
cve_cnaSUSE

Interested in the pricing of exploits?

See the underground prices here!