Race Condition Vulnerability in SQLiteODBC Affects Linux Distributions
CVE-2020-12050

7 HIGH

Key Information:

Vendor
CVE Published: 30 April 2020

Summary

SQLiteODBC, specifically version 0.9996-4 as packaged for certain Linux distributions, is vulnerable to a race condition that could lead to unauthorized root privilege escalation. This vulnerability allows any user to replace a temporary file used during the operation of SQLiteODBC, enabling the loading of an arbitrary library. This could potentially result in malicious code execution with elevated privileges, compromising system security. Users are advised to update to the latest version to mitigate this risk.

CVSS V3.1

Score: 7
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
