CVE-2019-3689

2019-09-1900:00:00

ubuntu.com

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.014

Percentile

87.0%

JSON

The nfs-utils package in SUSE Linux Enterprise Server 12 before and
including version 1.3.0-34.18.1 and in SUSE Linux Enterprise Server 15
before and including version 2.1.1-6.10.2 the directory /var/lib/nfs is
owned by statd:nogroup. This directory contains files owned and managed by
root. If statd is compromised, it can therefore trick processes running
with root privileges into creating/overwriting files anywhere on the
system.

Bugs

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchnfs-utils< 1:1.3.4-2.1ubuntu5.3UNKNOWN
ubuntu19.10noarchnfs-utils< 1:1.3.4-2.5ubuntu2.1UNKNOWN
ubuntu20.04noarchnfs-utils< 1:1.3.4-2.5ubuntu3.3UNKNOWN
ubuntu20.10noarchnfs-utils< 1:1.3.4-2.5ubuntu5UNKNOWN
ubuntu21.04noarchnfs-utils< 1:1.3.4-2.5ubuntu5UNKNOWN
ubuntu21.10noarchnfs-utils< 1:1.3.4-2.5ubuntu5UNKNOWN
ubuntu22.04noarchnfs-utils< 1:1.3.4-2.5ubuntu5UNKNOWN
ubuntu22.10noarchnfs-utils< 1:1.3.4-2.5ubuntu5UNKNOWN
ubuntu23.04noarchnfs-utils< 1:1.3.4-2.5ubuntu5UNKNOWN
ubuntu23.10noarchnfs-utils< 1:1.3.4-2.5ubuntu5UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	nfs-utils	< 1:1.3.4-2.1ubuntu5.3	UNKNOWN
ubuntu	19.10	noarch	nfs-utils	< 1:1.3.4-2.5ubuntu2.1	UNKNOWN
ubuntu	20.04	noarch	nfs-utils	< 1:1.3.4-2.5ubuntu3.3	UNKNOWN
ubuntu	20.10	noarch	nfs-utils	< 1:1.3.4-2.5ubuntu5	UNKNOWN
ubuntu	21.04	noarch	nfs-utils	< 1:1.3.4-2.5ubuntu5	UNKNOWN
ubuntu	21.10	noarch	nfs-utils	< 1:1.3.4-2.5ubuntu5	UNKNOWN
ubuntu	22.04	noarch	nfs-utils	< 1:1.3.4-2.5ubuntu5	UNKNOWN
ubuntu	22.10	noarch	nfs-utils	< 1:1.3.4-2.5ubuntu5	UNKNOWN
ubuntu	23.04	noarch	nfs-utils	< 1:1.3.4-2.5ubuntu5	UNKNOWN
ubuntu	23.10	noarch	nfs-utils	< 1:1.3.4-2.5ubuntu5	UNKNOWN