Improper access control in lynis - CVE-2020-13882
Published: September 1, 2020
Vulnerability identifier: #VU46151
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-13882
CWE-ID: CWE-284
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
lynis
lynis
Software vendor:
cisofy.com
cisofy.com
Description
The vulnerability allows a local user to gain unauthorized access to sensitive information.
The vulnerability exists due to improper access restrictions due to a TOCTOU race condition. The routine to check the log and report file permissions was not working as intended and could be bypassed locally. Because of the race, an unprivileged attacker can set up a log and report file, and control that up to the point where the specific routine is doing its check. After that, the file can be removed, recreated, and used for additional attacks.
Remediation
Install update from vendor's website.
External links
- https://cisofy.com/security/cve/cve-2020-13882/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDCHEKNR3HPJRNHE5PYKFH5GNBADTPA7/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBFHIX6RTHCK37FXMAAXP4KGAMLUFDUD/