CVE-2020-11081 - OpenCVE

osquery before version 4.4.0 enables a privilege escalation vulnerability. If a Window system is configured with a PATH that contains a user-writable directory then a local user may write a zlib1.dll DLL, which osquery will attempt to load. Since osquery runs with elevated privileges this enables local escalation. This is fixed in version 4.4.0.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linuxfoundation	Osquery

Configuration 1 [-]

cpe:2.3:a:linuxfoundation:osquery:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/osquery/osquery/commit/4d4957f12a6aa0becc9d01d9f97061e1e3d809c5
https://github.com/osquery/osquery/issues/6426
https://github.com/osquery/osquery/pull/6433
https://github.com/osquery/osquery/releases/tag/4.4.0
https://github.com/osquery/osquery/security/advisories/GHSA-2xwp-8fv7-c5pm

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2020-07-10T18:45:16

Updated: 2024-08-04T11:21:14.829Z

Reserved: 2020-03-30T00:00:00

Link: CVE-2020-11081

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-07-10T19:15:11.553

Modified: 2023-01-20T20:32:50.900

Link: CVE-2020-11081

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "osquery", "vendor": "osquery", "versions": [{"status": "affected", "version": "< 4.4.0"}]}], "descriptions": [{"lang": "en", "value": "osquery before version 4.4.0 enables a privilege escalation vulnerability. If a Window system is configured with a PATH that contains a user-writable directory then a local user may write a zlib1.dll DLL, which osquery will attempt to load. Since osquery runs with elevated privileges this enables local escalation. This is fixed in version 4.4.0."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-114", "description": "CWE-114: Process Control", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-09-17T16:52:34", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/osquery/osquery/security/advisories/GHSA-2xwp-8fv7-c5pm"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/osquery/osquery/issues/6426"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/osquery/osquery/pull/6433"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/osquery/osquery/commit/4d4957f12a6aa0becc9d01d9f97061e1e3d809c5"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/osquery/osquery/releases/tag/4.4.0"}], "source": {"advisory": "GHSA-2xwp-8fv7-c5pm", "discovery": "UNKNOWN"}, "title": "osquery susceptible to DLL search order hijacking of zlib1.dll", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2020-11081", "STATE": "PUBLIC", "TITLE": "osquery susceptible to DLL search order hijacking of zlib1.dll"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "osquery", "version": {"version_data": [{"version_value": "< 4.4.0"}]}}]}, "vendor_name": "osquery"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "osquery before version 4.4.0 enables a privilege escalation vulnerability. If a Window system is configured with a PATH that contains a user-writable directory then a local user may write a zlib1.dll DLL, which osquery will attempt to load. Since osquery runs with elevated privileges this enables local escalation. This is fixed in version 4.4.0."}]}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-114: Process Control"}]}]}, "references": {"reference_data": [{"name": "https://github.com/osquery/osquery/security/advisories/GHSA-2xwp-8fv7-c5pm", "refsource": "CONFIRM", "url": "https://github.com/osquery/osquery/security/advisories/GHSA-2xwp-8fv7-c5pm"}, {"name": "https://github.com/osquery/osquery/issues/6426", "refsource": "MISC", "url": "https://github.com/osquery/osquery/issues/6426"}, {"name": "https://github.com/osquery/osquery/pull/6433", "refsource": "MISC", "url": "https://github.com/osquery/osquery/pull/6433"}, {"name": "https://github.com/osquery/osquery/commit/4d4957f12a6aa0becc9d01d9f97061e1e3d809c5", "refsource": "MISC", "url": "https://github.com/osquery/osquery/commit/4d4957f12a6aa0becc9d01d9f97061e1e3d809c5"}, {"name": "https://github.com/osquery/osquery/releases/tag/4.4.0", "refsource": "MISC", "url": "https://github.com/osquery/osquery/releases/tag/4.4.0"}]}, "source": {"advisory": "GHSA-2xwp-8fv7-c5pm", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T11:21:14.829Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/osquery/osquery/security/advisories/GHSA-2xwp-8fv7-c5pm"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/osquery/osquery/issues/6426"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/osquery/osquery/pull/6433"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/osquery/osquery/commit/4d4957f12a6aa0becc9d01d9f97061e1e3d809c5"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/osquery/osquery/releases/tag/4.4.0"}]}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2020-11081", "datePublished": "2020-07-10T18:45:16", "dateReserved": "2020-03-30T00:00:00", "dateUpdated": "2024-08-04T11:21:14.829Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:linuxfoundation:osquery:*:*:*:*:*:*:*:*", "matchCriteriaId": "6C2CBEA8-4F6B-429A-BBBC-4E7BA6BF5414", "versionEndExcluding": "4.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "osquery before version 4.4.0 enables a privilege escalation vulnerability. If a Window system is configured with a PATH that contains a user-writable directory then a local user may write a zlib1.dll DLL, which osquery will attempt to load. Since osquery runs with elevated privileges this enables local escalation. This is fixed in version 4.4.0."}, {"lang": "es", "value": "osquery versiones anteriores a 4.4.0, habilita una vulnerabilidad de escalada de privilegios. Si un sistema Windows est\u00e1 configurado con una PATH que contiene un directorio escribible por parte del usuario, entonces un usuario local puede escribir una biblioteca DLL zlib1.dll, que osquery intentar\u00e1 cargar. Ya que osquery se ejecuta con privilegios elevados, esto permite una escalada local. Esto es corregido en la versi\u00f3n 4.4.0"}], "id": "CVE-2020-11081", "lastModified": "2023-01-20T20:32:50.900", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.5, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 4.0, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2020-07-10T19:15:11.553", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/osquery/osquery/commit/4d4957f12a6aa0becc9d01d9f97061e1e3d809c5"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://github.com/osquery/osquery/issues/6426"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/osquery/osquery/pull/6433"}, {"source": "security-advisories@github.com", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/osquery/osquery/releases/tag/4.4.0"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/osquery/osquery/security/advisories/GHSA-2xwp-8fv7-c5pm"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-114"}], "source": "security-advisories@github.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-426"}], "source": "nvd@nist.gov", "type": "Secondary"}]}