CVE-2019-3687
MEDIUMSUSE Linux Enterprise Server - Incorrect Default Permissions for dumpcap in Easy Permission Profile
Title source: llmDescription
The permission package in SUSE Linux Enterprise Server allowed all local users to run dumpcap in the "easy" permission profile and sniff network traffic. This issue affects: SUSE Linux Enterprise Server permissions versions starting from 85c83fef7e017f8ab7f8602d3163786d57344439 to 081d081dcfaf61710bda34bc21c80c66276119aa.
References (2)
Core 2
Core References
Issue Tracking, Vendor Advisory x_refsource_confirm
https://bugzilla.suse.com/show_bug.cgi?id=1148788
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00010.html
Scores
CVSS v3
4.0
EPSS
0.0008
EPSS Percentile
23.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-276
Status
published
Products (1)
suse/linux_enterprise_server
Published
Jan 24, 2020
Tracked Since
Feb 18, 2026