The chkstat tool in the permissions package followed symlinks before commit a9e1d26cd49ef9ee0c2060c859321128a6dd4230 (please also check the additional hardenings after this fix). This allowed local attackers with control over a path that is traversed by chkstat to escalate privileges.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: suse
Published: 2019-12-05T15:30:15.557339Z
Updated: 2024-09-16T16:38:49.600Z
Reserved: 2019-01-03T00:00:00
Link: CVE-2019-3690
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-12-05T16:15:11.147
Modified: 2020-11-20T16:15:13.777
Link: CVE-2019-3690
Redhat
No data.