Vulnerability Name: | CVE-2020-10174 (CCN-177314) | ||||||||||||
Assigned: | 2020-03-05 | ||||||||||||
Published: | 2020-03-05 | ||||||||||||
Updated: | 2022-01-01 | ||||||||||||
Summary: | init_tmp in TeeJee.FileSystem.vala in Timeshift before 20.03 unsafely reuses a preexisting temporary directory in the predictable location /tmp/timeshift. It follows symlinks in this location or uses directories owned by unprivileged users. Because Timeshift also executes scripts under this location, an attacker can attempt to win a race condition to replace scripts created by Timeshift with attacker-controlled scripts. Upon success, an attacker-controlled script is executed with full root privileges. This logic is practically always triggered when Timeshift runs regardless of the command-line arguments used. | ||||||||||||
CVSS v3 Severity: | 7.0 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H) 6.1 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
6.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
| ||||||||||||
CVSS v2 Severity: | 6.9 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C)
| ||||||||||||
Vulnerability Type: | CWE-362 CWE-59 | ||||||||||||
Vulnerability Consequences: | Gain Access | ||||||||||||
References: | Source: MITRE Type: CNA CVE-2020-10174 Source: MLIST Type: Mailing List, Third Party Advisory [oss-security] 20200306 CVE-2020-10174: timeshift: arbitrary local code execution due to unsafe usage of temporary directory in /tmp/timeshift Source: MISC Type: Issue Tracking, Third Party Advisory https://bugzilla.suse.com/show_bug.cgi?id=1165802 Source: XF Type: UNKNOWN timeshift-cve202010174-code-exec(177314) Source: CCN Type: Timeshift GIT Repository Change TEMP_DIR permissions and path; Cleanup on exit; Source: MISC Type: Patch, Third Party Advisory https://github.com/teejee2008/timeshift/commit/335b3d5398079278b8f7094c77bfd148b315b462 Source: MISC Type: Release Notes, Third Party Advisory https://github.com/teejee2008/timeshift/releases/tag/v20.03 Source: FEDORA Type: Mailing List, Third Party Advisory FEDORA-2020-1050d60507 Source: FEDORA Type: Mailing List, Third Party Advisory FEDORA-2020-6b3ae09449 Source: FEDORA Type: Mailing List, Third Party Advisory FEDORA-2020-c18248f61a Source: CCN Type: oss-sec Mailing List, Fri, 6 Mar 2020 14:46:35 +0100 CVE-2020-10174: timeshift: arbitrary local code execution due to unsafe usage of temporary directory in /tmp/timeshift Source: UBUNTU Type: Third Party Advisory USN-4312-1 | ||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration 3: ![]() | ||||||||||||
BACK |