TROYANOSYVIRUS
Zuruck zu CVEs

CVE-2020-15397

HIGH
7.8

Beschreibung

HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories writable by unprivileged users (e.g., locations under /var/spool/hylafax that are writable by the uucp account). This allows these users to execute code in the context of the user calling these binaries (often root).

CVE Details

CVSS v3.1 Bewertung7.8
SchweregradHIGH
CVSS VektorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AngriffsvektorLOCAL
KomplexitatLOW
Erforderliche PrivilegienLOW
BenutzerinteraktionNONE
Veroffentlicht6/30/2020
Zuletzt geandert11/21/2024
Quellenvd
Honeypot-Sichtungen0

Betroffene Produkte

hylafax\+_project:hylafax\+ifax:hylafax_enterprise

Schwachen (CWE)

CWE-732

Referenzen

http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00039.html(cve@mitre.org)
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00040.html(cve@mitre.org)
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00046.html(cve@mitre.org)
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00054.html(cve@mitre.org)
https://bugzilla.suse.com/show_bug.cgi?id=1173519(cve@mitre.org)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J52QFVREJWJ35YSEEDDRMZQ2LM2H2WE6/(cve@mitre.org)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y46FOVJUS5SO44A2VEKR7DXEHTI4WK5L/(cve@mitre.org)
https://security.gentoo.org/glsa/202007-06(cve@mitre.org)
https://sourceforge.net/p/hylafax/HylaFAX+/2534/(cve@mitre.org)
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00039.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00040.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00046.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00054.html(af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.suse.com/show_bug.cgi?id=1173519(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J52QFVREJWJ35YSEEDDRMZQ2LM2H2WE6/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y46FOVJUS5SO44A2VEKR7DXEHTI4WK5L/(af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/202007-06(af854a3a-2127-422b-91ae-364da2661108)
https://sourceforge.net/p/hylafax/HylaFAX+/2534/(af854a3a-2127-422b-91ae-364da2661108)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.