QwikSec

Security Database

CVE

CWE

Training

CVE-2020-7040

Published: Jan 21, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBackup.lock pathname, which allows symlink attacks that possibly lead to privilege escalation. (Local users can also create a plain file named /tmp/storeBackup.lock to block use of storeBackup until an admin manually deletes that file.)

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2020-7040

x_refsource_MISC

http://www.openwall.com/lists/oss-security/2020/01/20/3

x_refsource_MISC

[oss-security] CVE-2020-7040: storeBackup: denial of service and symlink attack vector via fixed lockfile path /tmp/storeBackup.lock

mailing-list

x_refsource_MLIST

[oss-security] 20200121 Re: CVE-2020-7040: storeBackup: denial of service and symlink attack vector via fixed lockfile path /tmp/storeBackup.lock

mailing-list

x_refsource_MLIST

[oss-security] 20200122 Re: CVE-2020-7040: storeBackup: denial of service and symlink attack vector via fixed lockfile path /tmp/storeBackup.lock

mailing-list

x_refsource_MLIST

[oss-security] 20200122 Re: CVE-2020-7040: storeBackup: denial of service and symlink attack vector via fixed lockfile path /tmp/storeBackup.lock

mailing-list

x_refsource_MLIST

[oss-security] 20200123 Re: CVE-2020-7040: storeBackup: denial of service and symlink attack vector via fixed lockfile path /tmp/storeBackup.lock

mailing-list

x_refsource_MLIST

openSUSE-SU-2020:0119

vendor-advisory

x_refsource_SUSE

[debian-lts-announce] 20200205 [SECURITY] [DLA 2095-1] storebackup security update

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_UBUNTU

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.