CVE-2020-8019
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of syslog-ng of SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Module for Legacy Software 12, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Linux Enterprise Server for SAP 12-SP1; openSUSE Backports SLE-15-SP1, openSUSE Leap 15.1 allowed local attackers controlling the user news to escalate their privileges to root. This issue affects: SUSE Linux Enterprise Debuginfo 11-SP3 syslog-ng versions prior to 2.0.9-27.34.40.5.1. SUSE Linux Enterprise Debuginfo 11-SP4 syslog-ng versions prior to 2.0.9-27.34.40.5.1. SUSE Linux Enterprise Module for Legacy Software 12 syslog-ng versions prior to 3.6.4-12.8.1. SUSE Linux Enterprise Point of Sale 11-SP3 syslog-ng versions prior to 2.0.9-27.34.40.5.1. SUSE Linux Enterprise Server 11-SP4-LTSS syslog-ng versions prior to 2.0.9-27.34.40.5.1. SUSE Linux Enterprise Server for SAP 12-SP1 syslog-ng versions prior to 3.6.4-12.8.1. openSUSE Backports SLE-15-SP1 syslog-ng versions prior to 3.19.1-bp151.4.6.1. openSUSE Leap 15.1 syslog-ng versions prior to 3.19.1-lp151.3.6.1.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SUSE | SUSE Linux Enterprise Debuginfo 11-SP3 | syslog-ng < 2.0.9-27.34.40.5.1 | affected |
| SUSE | SUSE Linux Enterprise Debuginfo 11-SP4 | syslog-ng < 2.0.9-27.34.40.5.1 | affected |
| SUSE | SUSE Linux Enterprise Module for Legacy Software 12 | syslog-ng < 3.6.4-12.8.1 | affected |
| SUSE | SUSE Linux Enterprise Point of Sale 11-SP3 | syslog-ng < 2.0.9-27.34.40.5.1 | affected |
| SUSE | SUSE Linux Enterprise Server 11-SP4-LTSS | syslog-ng < 2.0.9-27.34.40.5.1 | affected |
| SUSE | SUSE Linux Enterprise Server for SAP 12-SP1 | syslog-ng < 3.6.4-12.8.1 | affected |
| openSUSE | openSUSE Backports SLE-15-SP1 | syslog-ng < 3.19.1-bp151.4.6.1 | affected |
| openSUSE | openSUSE Leap 15.1 | syslog-ng < 3.19.1-lp151.3.6.1 | affected |
Weaknesses
- CWE-61: CWE-61: UNIX Symbolic Link (Symlink) Following
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.