Vulnerability identifier: #VU55644

Vulnerability risk: Low

CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2020-28169

CWE-ID: CWE-732

Exploitation vector: Local

Exploit availability: Yes

Vulnerable software:
td-agent-builder
Universal components / Libraries / Programming Languages & Components

Vendor:

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to incorrect permissions assignment for the bin directory in the td-agent-builder plugin for Fluentd. A local user overwrite arbitrary files in the bin directory, which are later executed with elevated privileges.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

---

External links
http://github.com/kenhys/td-agent-builder/commit/eec6e2dedf12f2e0c01c2bbe7b8c15b639b3b938
http://www.fluentd.org/
http://td-agent-package-browser.herokuapp.com/4/windows
http://docs.fluentd.org/installation/install-by-msi
http://github.com/fluent/fluentd/issues/3201
http://github.com/fluent-plugins-nursery/td-agent-builder/pull/247/commits/6f9cb6393392d62caa99907c0ebbcbab6b94a3f1
http://packetstormsecurity.com/files/160791/Fluentd-TD-agent-4.0.1-Insecure-Folder-Permission.html

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.