CVE-2019-3688

NameCVE-2019-3688
DescriptionThe /usr/sbin/pinger binary packaged with squid in SUSE Linux Enterprise Server 15 before and including version 4.8-5.8.1 and in SUSE Linux Enterprise Server 12 before and including 3.5.21-26.17.1 had squid:root, 0750 permissions. This allowed an attacker that compromissed the squid user to gain persistence by changing the binary
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
squid (PTS)bullseye4.13-10+deb11u3fixed
bullseye (security)4.13-10+deb11u6fixed
bookworm5.7-2+deb12u3fixed
bookworm (security)5.7-2+deb12u4fixed
trixie (security), trixie6.13-2+deb13u1fixed
forky, sid7.2-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
squidsource(unstable)(not affected)
squid3source(unstable)(not affected)

Notes

- squid <not-affected> (/usr/lib/squid/pinger permissions are root:root)
- squid3 <not-affected> (/usr/lib/squid/pinger permissions are root:root)
Search for package or bug name: Reporting problems