CVE-2020-8025: outdated entries in permissions profiles for /var/lib/pcp/tmp/* may cause security issues
First published: Mon Jul 06 2020(Updated: )
A Incorrect Execution-Assigned Permissions vulnerability in the permissions package of SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Tumbleweed sets the permissions for some of the directories of the pcp package to unintended settings. This issue affects: SUSE Linux Enterprise Server 12-SP4 permissions versions prior to 20170707-3.24.1. SUSE Linux Enterprise Server 15-LTSS permissions versions prior to 20180125-3.27.1. SUSE Linux Enterprise Server for SAP 15 permissions versions prior to 20180125-3.27.1. openSUSE Leap 15.1 permissions versions prior to 20181116-lp151.4.24.1. openSUSE Tumbleweed permissions versions prior to 20200624.
Credit: meissner@suse.de
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SUSE Linux Enterprise High Performance Computing | =15 | |
| SUSE Linux Enterprise High Performance Computing | =15 | |
| SUSE Linux Enterprise Server | =15 | |
| SUSE Linux Enterprise Server | =15-sp1 | |
| SUSE Linux Enterprise Server | =15-sp2 | |
| SUSE Linux Enterprise Software Development Kit | =12-sp4 | |
| SUSE Linux Enterprise Software Development Kit | =12-sp5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-8025?
CVE-2020-8025 is an Incorrect Execution-Assigned Permissions vulnerability in the permissions package of SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Tumbleweed.
What is the severity of CVE-2020-8025?
CVE-2020-8025 has a severity rating of critical (9.3).
Which software is affected by CVE-2020-8025?
CVE-2020-8025 affects SUSE Linux Enterprise High Performance Computing 15, SUSE Linux Enterprise Server 15 (LTSS, 15-SP1, 15-SP2), and SUSE Linux Enterprise Software Development Kit 12-SP4, 12-SP5.
How does CVE-2020-8025 impact the affected software?
CVE-2020-8025 sets incorrect permissions for some directories in the affected software, which may lead to unauthorized access or manipulation of files.
Is there a fix for CVE-2020-8025?
Yes, a fix for CVE-2020-8025 is available. Users should update to the latest version of the permissions package for their respective SUSE Linux distributions.
- agent/type
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/references
- agent/weakness
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/last-modified-date
- agent/severity
- agent/event
- agent/first-publish-date
- agent/tags
- vendor/suse
- canonical/suse linux enterprise high performance computing
- version/suse linux enterprise high performance computing/15
- canonical/suse linux enterprise server
- version/suse linux enterprise server/15
- version/suse linux enterprise server/15-sp1
- version/suse linux enterprise server/15-sp2
- canonical/suse linux enterprise software development kit
- version/suse linux enterprise software development kit/12-sp4
- version/suse linux enterprise software development kit/12-sp5