Oval Definition:oval:org.opensuse.security:def:20207040
Revision Date:2022-06-30Version:1
Title:CVE-2020-7040
Description:

storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBackup.lock pathname, which allows symlink attacks that possibly lead to privilege escalation. (Local users can also create a plain file named /tmp/storeBackup.lock to block use of storeBackup until an admin manually deletes that file.)
Family:unixClass:vulnerability
Status:Reference(s):CVE-2020-7040
openSUSE-SU-2020:0119-1
Mitre CVE-2020-7040
SUSE CVE-2020-7040
openSUSE-SU-2020:0119-1
Platform(s):openSUSE Leap 15.1
openSUSE Tumbleweed
SUSE Linux Enterprise High Performance Computing 15
SUSE Linux Enterprise High Performance Computing 15 SP1
SUSE Linux Enterprise Server 15
SUSE Linux Enterprise Server 15 SP1
SUSE Linux Enterprise Server for SAP Applications 15
SUSE Linux Enterprise Server for SAP Applications 15 SP1
SUSE Linux Enterprise Storage 6
SUSE Manager Proxy 4.0
SUSE Manager Server 4.0
SUSE Package Hub for SUSE Linux Enterprise 15
SUSE Package Hub for SUSE Linux Enterprise 15 SP1
Product(s):
Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • storeBackup-3.5-lp151.5.3 is installed
  • AND storeBackup is signed with openSUSE key
    • Definition Synopsis
  • openSUSE Tumbleweed is installed
  • AND storeBackup-3.5-13.2 is installed
    • Definition Synopsis
  • SUSE Package Hub for SUSE Linux Enterprise 15 SP1 is installed
  • AND storeBackup-3.5-bp151.4.3.1 is installed
    • Definition Synopsis
  • Release Information
  • SUSE Package Hub for SUSE Linux Enterprise 15 SP1 is installed
  • AND storeBackup-3.5-bp151.4.3.1 is installed
  • OR Package Information
  • SUSE Package Hub for SUSE Linux Enterprise 15 is installed
  • AND storeBackup-3.5-bp150.3.3.1 is installed
    • BACK