CVE-2020-15396

Опубликовано: 30 июн. 2020

Источник: nvd

CVSS3: 7.8

CVSS2: 7.2

EPSS Низкий

Описание

In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. By winning a race, a local attacker could use this to escalate his privileges to root.

Ссылки

http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00039.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00040.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00046.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00054.html
Mailing List
Third Party Advisory
https://bugzilla.suse.com/show_bug.cgi?id=1173521
Exploit
Issue Tracking
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J52QFVREJWJ35YSEEDDRMZQ2LM2H2WE6/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y46FOVJUS5SO44A2VEKR7DXEHTI4WK5L/
https://security.gentoo.org/glsa/202007-06
Third Party Advisory
https://sourceforge.net/p/hylafax/HylaFAX+/2534/
Patch
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00039.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00040.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00046.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00054.html
Mailing List
Third Party Advisory
https://bugzilla.suse.com/show_bug.cgi?id=1173521
Exploit
Issue Tracking
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J52QFVREJWJ35YSEEDDRMZQ2LM2H2WE6/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y46FOVJUS5SO44A2VEKR7DXEHTI4WK5L/
https://security.gentoo.org/glsa/202007-06
Third Party Advisory
https://sourceforge.net/p/hylafax/HylaFAX+/2534/
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:hylafax\+_project:hylafax\+:*:*:*:*:*:*:*:*

Версия до 7.0.2 (включая)

Конфигурация 2

cpe:2.3:a:ifax:hylafax_enterprise:-:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*

Конфигурация 4

Одно из

cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*

cpe:2.3:a:opensuse:backports_sle:15.0:sp2:*:*:*:*:*:*

cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*

EPSS

Процентиль: 23%

0.00073

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-362

Связанные уязвимости

CVE-2020-15396

CVSS3: 7.8

ubuntu

больше 5 лет назад

CVE-2020-15396

CVSS3: 7.8

debian

больше 5 лет назад

In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility ...

GHSA-wg48-gxwc-c947

CVSS3: 7.8

github

больше 3 лет назад

openSUSE-SU-2020:1210-1

suse-cvrf

больше 5 лет назад

Security update for hylafax+

openSUSE-SU-2020:1209-1

suse-cvrf

больше 5 лет назад

Security update for hylafax+

EPSS

Процентиль: 23%

0.00073

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-362