CVE-2019-3687

Description

The permission package in SUSE Linux Enterprise Server allowed all local users to run dumpcap in the "easy" permission profile and sniff network traffic. This issue affects: SUSE Linux Enterprise Server permissions versions starting from 85c83fef7e017f8ab7f8602d3163786d57344439 to 081d081dcfaf61710bda34bc21c80c66276119aa.

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Affected products

SUSE / SUSE Linux Enterprise Serverpermissions – 081d081dcfaf61710bda34bc21c80c66276119aa

References

MISChttps://bugzilla.suse.com/show_bug.cgi?id=1148788
MAILING_LISThttp://lists.opensuse.org/opensuse-security-announce/2020-03/msg00010.html