CVE-2020-7040

 

Published at: - 21-01-2020 10:15

Last modified: - 27-01-2023 04:17

Total changes: - 3

Description

storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBackup.lock pathname, which allows symlink attacks that possibly lead to privilege escalation. (Local users can also create a plain file named /tmp/storeBackup.lock to block use of storeBackup until an admin manually deletes that file.)

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

 

Verification logic

 

Reference

• [oss-security] CVE-2020-7040: storeBackup: denial of service and symlink attack vector via fixed lockfile path /tmp/storeBackup.lock-Mailing List, Third Party Advisory
• http://www.openwall.com/lists/oss-security/2020/01/20/3
• https://bugzilla.suse.com/show_bug.cgi?id=CVE-2020-7040
• [oss-security] 20200121 Re: CVE-2020-7040: storeBackup: denial of service and symlink attack vector via fixed lockfile path /tmp/storeBackup.lock-Mailing List, Third Party Advisory
• [oss-security] 20200122 Re: CVE-2020-7040: storeBackup: denial of service and symlink attack vector via fixed lockfile path /tmp/storeBackup.lock-Mailing List, Third Party Advisory
• [oss-security] 20200122 Re: CVE-2020-7040: storeBackup: denial of service and symlink attack vector via fixed lockfile path /tmp/storeBackup.lock-Mailing List, Third Party Advisory
• [oss-security] 20200123 Re: CVE-2020-7040: storeBackup: denial of service and symlink attack vector via fixed lockfile path /tmp/storeBackup.lock-Mailing List, Third Party Advisory
• openSUSE-SU-2020:0119-Mailing List, Patch, Third Party Advisory
• [debian-lts-announce] 20200205 [SECURITY] [DLA 2095-1] storebackup security update-Mailing List, Third Party Advisory
• USN-4508-1-Third Party Advisory

 

Keywords

NVD

 

CVE-2020-7040

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures