outdated entries in permissions profiles for /var/lib/pcp/tmp/* may cause security issues
CVE-2020-8025

6.1MEDIUM

Key Information:

Vendor: Suse
Status: Suse Linux Enterprise Server 12-sp4; Suse Linux Enterprise Server 15-ltss; Suse Linux Enterprise Server For SAP 15; Opensuse Leap 15.1
Vendor: CVE Published:; 7 August 2020

Summary

A Incorrect Execution-Assigned Permissions vulnerability in the permissions package of SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Tumbleweed sets the permissions for some of the directories of the pcp package to unintended settings. This issue affects: SUSE Linux Enterprise Server 12-SP4 permissions versions prior to 20170707-3.24.1. SUSE Linux Enterprise Server 15-LTSS permissions versions prior to 20180125-3.27.1. SUSE Linux Enterprise Server for SAP 15 permissions versions prior to 20180125-3.27.1. openSUSE Leap 15.1 permissions versions prior to 20181116-lp151.4.24.1. openSUSE Tumbleweed permissions versions prior to 20200624.

Affected Version(s)

openSUSE Leap 15.1 permissions < 20181116-lp151.4.24.1

openSUSE Tumbleweed permissions < 20200624

SUSE Linux Enterprise Server 12-SP4 permissions < 20170707-3.24.1

References

https://bugzilla.suse.com/show_bug.cgi?id=1171883

x_refsource_CONFIRM

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Aug 7, 2020
Vulnerability Reserved
Jan 27, 2020

Credit

Matthias Gerstner of SUSE