CVE-2018-19640

Description

If the attacker manages to create files in the directory used to collect log files in supportutils before version 3.1-5.7.1 (e.g. with CVE-2018-19638) he can kill arbitrary processes on the local machine.

CVSS breakdown

CVSS 3.0

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Affected products

SUSE / supportutilsunspecified – 3.1-5.7.1

References

MISChttps://bugzilla.suse.com/show_bug.cgi?id=1118463
MAILING_LISThttp://lists.opensuse.org/opensuse-security-announce/2019-05/msg00018.html