Description
A UNIX Symbolic Link (Symlink) Following vulnerability in chkstat of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 11 set permissions intended for specific binaries on other binaries because it erroneously followed symlinks. The symlinks can't be controlled by attackers on default systems, so exploitation is difficult. This issue affects: SUSE Linux Enterprise Server 12 permissions versions prior to 2015.09.28.1626-17.27.1. SUSE Linux Enterprise Server 15 permissions versions prior to 20181116-9.23.1. SUSE Linux Enterprise Server 11 permissions versions prior to 2013.1.7-0.6.12.1.
Published: 2020-03-02
Score: 2.2 Low
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

No analysis available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2020-28926 A UNIX Symbolic Link (Symlink) Following vulnerability in chkstat of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 11 set permissions intended for specific binaries on other binaries because it erroneously followed symlinks. The symlinks can't be controlled by attackers on default systems, so exploitation is difficult. This issue affects: SUSE Linux Enterprise Server 12 permissions versions prior to 2015.09.28.1626-17.27.1. SUSE Linux Enterprise Server 15 permissions versions prior to 20181116-9.23.1. SUSE Linux Enterprise Server 11 permissions versions prior to 2013.1.7-0.6.12.1.
History

No history.

Subscriptions

Opensuse Leap
Suse Linux Enterprise Server
cve-icon MITRE

Status: PUBLISHED

Assigner: suse

Published:

Updated: 2024-09-16T17:23:50.476Z

Reserved: 2020-01-27T00:00:00.000Z

Link: CVE-2020-8013

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-03-02T17:15:19.593

Modified: 2024-11-21T05:38:13.043

Link: CVE-2020-8013

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses