Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
890
VMScore

CVE-2019-3689

Published: 19/09/2019 Updated: 07/11/2023
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Linux-nfs

Vulnerability Summary

It exists that the nfs-utils package set incorrect permissions on the /var/lib/nfs directory. An attacker could possibly use this issue to escalate privileges.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

linux-nfs nfs-utils

Vendor Advisories

Debian CVElist Bug Report Logs: nfs-utils: CVE-2019-3689: root-owned files stored in insecure /var/lib/nfs
Debian Bug report logs - #940848 nfs-utils: CVE-2019-3689: root-owned files stored in insecure /var/lib/nfs Package: src:nfs-utils; Maintainer for src:nfs-utils is Debian kernel team <debian-kernel@listsdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 20 Sep 2019 20:09:03 UTC Severity: n ...
Ubuntu Security Notice: nfs-utils vulnerability
nfs-utils could be made to overwrite files as the administrator ...

References

CWE-276https://bugzilla.suse.com/show_bug.cgi?id=1150733https://lists.debian.org/debian-lts-announce/2019/10/msg00026.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-10/msg00071.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-11/msg00006.htmlhttps://usn.ubuntu.com/4400-1/https://git.linux-nfs.org/?p=steved/nfs-utils.git%3Ba=commitdiff%3Bh=fee2cc29e888f2ced6a76990923aef19d326dc0ehttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940848https://usn.ubuntu.com/4400-1/https://nvd.nist.gov
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27977IMAPlocal usersCVE-2024-32038CVE-2023-49963CVE-2023-22869CVE-2024-31497localCVE-2024-2961
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook