permissions: chkstat sets unintended setuid/capabilities for mrsh and wodim
CVE-2020-8013

2.2LOW

Key Information:

Vendor: Suse
Status: Suse Linux Enterprise Server 12; Suse Linux Enterprise Server 15; Suse Linux Enterprise Server 11
Vendor: CVE Published:; 2 March 2020

What is CVE-2020-8013?

A UNIX Symbolic Link (Symlink) Following vulnerability in chkstat of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 11 set permissions intended for specific binaries on other binaries because it erroneously followed symlinks. The symlinks can't be controlled by attackers on default systems, so exploitation is difficult. This issue affects: SUSE Linux Enterprise Server 12 permissions versions prior to 2015.09.28.1626-17.27.1. SUSE Linux Enterprise Server 15 permissions versions prior to 20181116-9.23.1. SUSE Linux Enterprise Server 11 permissions versions prior to 2013.1.7-0.6.12.1.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

SUSE Linux Enterprise Server 11 permissions < 2013.1.7-0.6.12.1

SUSE Linux Enterprise Server 12 permissions < 2015.09.28.1626-17.27.1

SUSE Linux Enterprise Server 15 permissions < 20181116-9.23.1

References

http://lists.opensuse.org/opensuse-security-announce/2020...

vendor-advisoryx_refsource_SUSE

https://bugzilla.suse.com/show_bug.cgi?id=1163922

x_refsource_CONFIRM

CVSS V3.1

Score:

2.2

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Mar 2, 2020
Vulnerability Reserved
Jan 27, 2020

JSON

Suse