CVE-2020-14367Link Following in Chrony

CWE-59Link FollowingCWE-22Path Traversal9 documents8 sources
Severity
6.0MEDIUMNVD
EPSS
0.3%
top 49.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Tuxfamily ChronyCanonical Ubuntu LinuxFedoraproject Fedora
Timeline
PublishedAug 24
Latest updateMay 24

Description

A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. The file is created during chronyd startup while still running as the root user, and when it's opened for writing, chronyd does not check for an existing symbolic link with the same file name. This flaw allows an attacker with privileged access to create a symlink with the default PID file name pointing to any destination file in the system, resulting in data loss and a denial of service

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:HExploitability: 0.8 | Impact: 5.2

Affected Packages3 packages

NVDtuxfamily/chrony< 3.5.1
Debiantuxfamily/chrony< 3.5.1-1+3
CVEListV5tuxfamily/chronyAll chrony versions before 3.5.1

Also affects: Fedora 32, Ubuntu Linux 18.04, 20.04

Patches

Patch: bugzilla.redhat.comPatch: bugzilla.redhat.com

🔴Vulnerability Details

3
GHSA
GHSA-73h7-c2xm-9mrv: A flaw was found in chrony versions before 32022-05-24
OSV
CVE-2020-14367: A flaw was found in chrony versions before 32020-08-24
CVEList
CVE-2020-14367: A flaw was found in chrony versions before 32020-08-24

📋Vendor Advisories

3
Ubuntu
Chrony vulnerability2020-08-27
Red Hat
chrony: Insecure writing to PID file2020-08-19
Debian
CVE-2020-14367: chrony - A flaw was found in chrony versions before 3.5.1 when creating the PID file unde...2020

💬Community

2
Bugzilla
CVE-2020-14367 chrony: Insecure writing to PID file [fedora-all]2020-08-19
Bugzilla
CVE-2020-14367 chrony: Insecure writing to PID file2020-08-19
CVE-2020-14367 — Link Following in Tuxfamily Chrony | cvebase