Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2020-15396

Опубликовано: 30 июн. 2020
Источник: debian
EPSS Низкий

Описание

In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. By winning a race, a local attacker could use this to escalate his privileges to root.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
hylafaxfixed3:6.0.7-3.1package
hylafaxno-dsabusterpackage
hylafaxno-dsastretchpackage

Примечания

  • https://sourceforge.net/p/hylafax/HylaFAX+/2534/

EPSS

Процентиль: 23%
0.00073
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2020-15396

CVSS3: 7.8
ubuntu
больше 5 лет назад

In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. By winning a race, a local attacker could use this to escalate his privileges to root.

nvd логотип

CVE-2020-15396

CVSS3: 7.8
nvd
больше 5 лет назад

In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. By winning a race, a local attacker could use this to escalate his privileges to root.

github логотип

GHSA-wg48-gxwc-c947

CVSS3: 7.8
github
больше 3 лет назад

In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. By winning a race, a local attacker could use this to escalate his privileges to root.

suse-cvrf логотип

openSUSE-SU-2020:1210-1

suse-cvrf
больше 5 лет назад

Security update for hylafax+

suse-cvrf логотип

openSUSE-SU-2020:1209-1

suse-cvrf
больше 5 лет назад

Security update for hylafax+

EPSS

Процентиль: 23%
0.00073
Низкий