CVE-2020-8024: Problematic permissions in hylafax+ packaging allow escalation from uucp to other users
First published: Mon Jun 29 2020(Updated: )
A Incorrect Default Permissions vulnerability in the packaging of hylafax+ of openSUSE Leap 15.2, openSUSE Leap 15.1, openSUSE Factory allows local attackers to escalate from user uucp to users calling hylafax binaries. This issue affects: openSUSE Leap 15.2 hylafax+ versions prior to 7.0.2-lp152.2.1. openSUSE Leap 15.1 hylafax+ version 5.6.1-lp151.3.7 and prior versions. openSUSE Factory hylafax+ versions prior to 7.0.2-2.1.
Credit: meissner@suse.de
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Opensuse Hylafax\+ | <7.0.2-lp152.2.1 | |
| openSUSE Leap | =15.2 | |
| Opensuse Hylafax\+ | <5.6.1-lp151.3.7 | |
| openSUSE Leap | =15.1 | |
| Opensuse Hylafax\+ | <7.0.2-2.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/title
- agent/remedy
- agent/author
- agent/last-modified-date
- agent/severity
- agent/description
- agent/event
- agent/first-publish-date
- agent/tags
- vendor/opensuse
- canonical/opensuse hylafax\+
- canonical/opensuse leap
- version/opensuse leap/15.2
- version/opensuse leap/15.1