CVE-2020-15396

Published: Jun 30, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. By winning a race, a local attacker could use this to escalate his privileges to root.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://sourceforge.net/p/hylafax/HylaFAX+/2534/

x_refsource_MISC

https://bugzilla.suse.com/show_bug.cgi?id=1173521

x_refsource_MISC

GLSA-202007-06

vendor-advisory

x_refsource_GENTOO

FEDORA-2020-8aa8793d25

vendor-advisory

x_refsource_FEDORA

FEDORA-2020-01eb48bcce

vendor-advisory

x_refsource_FEDORA

openSUSE-SU-2020:1209

vendor-advisory

x_refsource_SUSE

openSUSE-SU-2020:1210

vendor-advisory

x_refsource_SUSE

openSUSE-SU-2020:1231

vendor-advisory

x_refsource_SUSE

openSUSE-SU-2020:1438

vendor-advisory

x_refsource_SUSE

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2020-15396

Description

Affected Products

References