Skip to main content

Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

© 2026 Mondoo, Inc.

Privacy Policy Terms of Service Imprint

Vulnerability Intelligence

CVE-2019-3688 | Mondoo Vulnerability Intelligence

Vulnerability IntelligenceCVE-2019-3688

CVE-2019-3688

MEDIUM5.1

squid: /usr/sbin/pinger packaged with wrong permission

Published Oct 7, 2019

Modified 1 years ago

Details

The /usr/sbin/pinger binary packaged with squid in SUSE Linux Enterprise Server 15 before and including version 4.8-5.8.1 and in SUSE Linux Enterprise Server 12 before and including 3.5.21-26.17.1 had squid:root, 0750 permissions. This allowed an attacker that compromissed the squid user to gain persistence by changing the binary

References

http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html

http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html

http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00024.html

https://bugzilla.suse.com/show_bug.cgi?id=1093414

https://www.cve.org/CVERecord?id=CVE-2019-3688

CVSS Analysis

CVSS v3.1

5.1

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

LowAC:L

Privileges Required

NonePR:N

User Interaction

NoneUI:N

Scope

Scope

UnchangedS:U

Impact

Confidentiality

NoneC:N

Integrity

LowI:L

Availability

LowA:L

5.1/CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Weakness Type (CWE)

Configuration

Incorrect Default Permissions

Ecosystems

Timeline

PublishedOct 7, 2019

ModifiedSep 16, 2024