CVE-2020-7040
published 2020-01-21
high 8.1 CVSS 3.1
AV:N / AC:H / PR:N / UI:N / S:U / C:H / I:H / A:H
storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBackup.lock pathname, which allows symlink attacks that possibly lead to privilege escalation. (Local users can also create a plain file named /tmp/storeBackup.lock to block use of storeBackup until an admin manually deletes that file.)
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | storebackup | < storebackup 3.2.1-2 (bookworm) | storebackup 3.2.1-2 (bookworm) |
| opensuse | backports_sle | — | — |
| opensuse | leap | — | — |
| storebackup | storebackup | <= 3.5 | — |
| storebackup | storebackup | >= 0 < 3.2.1-2 | 3.2.1-2 |
| storebackup | storebackup | >= 0 < 3.2.1-2 | 3.2.1-2 |
| storebackup | storebackup | >= 0 < 3.2.1-2 | 3.2.1-2 |
| storebackup | storebackup | >= 0 < 3.2.1-1+deb8u1build0.16.04.1 | 3.2.1-1+deb8u1build0.16.04.1 |
| storebackup | storebackup | >= 0 < 3.2.1-1+deb8u1build0.18.04.1 | 3.2.1-1+deb8u1build0.18.04.1 |
| storebackup | storebackup | >= 0 < 3.2.1-1+deb8u1build0.20.04.1 | 3.2.1-1+deb8u1build0.20.04.1 |
CVSS provenance
nvd v3.1 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
osv 8.1 HIGH