CVE-2019-3689

Priority
Description
The nfs-utils package in SUSE Linux Enterprise Server 12 before and
including version 1.3.0-34.18.1 and in SUSE Linux Enterprise Server 15
before and including version 2.1.1-6.10.2 the directory /var/lib/nfs is
owned by statd:nogroup. This directory contains files owned and managed by
root. If statd is compromised, it can therefore trick processes running
with root privileges into creating/overwriting files anywhere on the
system.
Notes
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):needs-triage
Ubuntu 14.04 ESM (Trusty Tahr):needs-triage
Ubuntu 16.04 LTS (Xenial Xerus):needs-triage
Ubuntu 18.04 LTS (Bionic Beaver):needs-triage
Ubuntu 19.04 (Disco Dingo):needs-triage
Ubuntu 19.10 (Eoan Ermine):needs-triage
Ubuntu 20.04 (Focal Fossa):needs-triage
More Information

Updated: 2019-10-24 00:14:15 UTC (commit 16e5c4d87c5f3788b618768306d692e77f84d251)