CVE-2020-7040 — Link Following in Storebackup

CWE-59 — Link Following7 documents6 sources

Severity

8.1HIGHNVD

EPSS

5.2%

top 10.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

5

Storebackup Canonical Ubuntu Linux Debian Linux +2 more

Timeline

PublishedJan 21

Latest updateMay 24

Description

storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBackup.lock pathname, which allows symlink attacks that possibly lead to privilege escalation. (Local users can also create a plain file named /tmp/storeBackup.lock to block use of storeBackup until an admin manually deletes that file.)

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages5 packages

▶Debianstorebackup/storebackup< 3.2.1-2+2

▶Ubuntustorebackup/storebackup< 3.2.1-1+deb8u1build0.16.04.1+2

▶NVDstorebackup/storebackup3.5

▶NVDopensuse/leap15.1

▶NVDopensuse/backports_sle15.0

Also affects: Debian Linux 8.0, Ubuntu Linux 16.04, 18.04, 20.04

Patches

Patch: lists.opensuse.org ↗Patch: lists.opensuse.org ↗

🔴Vulnerability Details

4

GHSA

GHSA-gc95-jc79-5q6h: storeBackup↗2022-05-24

▶

OSV

storebackup vulnerability↗2020-09-16

▶

CVEList

CVE-2020-7040: storeBackup↗2020-01-21

▶

OSV

CVE-2020-7040: storeBackup↗2020-01-21

▶

📋Vendor Advisories

2

Ubuntu

StoreBackup vulnerability↗2020-09-16

▶

Debian

CVE-2020-7040: storebackup - storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBackup.lock pa...↗2020

▶

CVE-2020-7040 — Link Following in Storebackup | cvebase