Vulnerability CVE-2020-24654

Vulnerability Name:

CVE-2020-24654 (CCN-187832)

Assigned:

2020-08-27

Published:

2020-08-27

Updated:

2022-09-12

Summary:

In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory.

CVSS v3 Severity:

3.3 Low (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)
2.9 Low (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
3.5 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Type:

CWE-59

Vulnerability Consequences:

File Manipulation

References:

Source: MITRE
Type: CNA
CVE-2020-24654

Source: SUSE
Type: Mailing List, Third Party Advisory
openSUSE-SU-2020:1310

Source: CONFIRM
Type: Issue Tracking, Third Party Advisory
https://bugzilla.suse.com/show_bug.cgi?id=1175857

Source: XF
Type: UNKNOWN
kde-cve202024654-symlink(187832)

Source: CONFIRM
Type: Patch, Third Party Advisory
https://github.com/KDE/ark/commit/8bf8c5ef07b0ac5e914d752681e470dea403a5bd

Source: CCN
Type: KDE Project Security Advisory
Ark: maliciously crafted TAR archive with symlinks can install files outside the extraction directory

Source: CONFIRM
Type: Vendor Advisory
https://kde.org/info/security/advisory-20200827-1.txt

Source: MLIST
Type: Mailing List, Third Party Advisory
[debian-lts-announce] 20220520 [SECURITY] [DLA 3015-1] ark security update

Source: FEDORA
Type: Third Party Advisory
FEDORA-2020-c2f8a1e8a5

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2020-f04f41bcc9

Source: GENTOO
Type: Third Party Advisory
GLSA-202010-06

Source: GENTOO
Type: Third Party Advisory
GLSA-202101-06

Source: UBUNTU
Type: Third Party Advisory
USN-4482-1

Source: DEBIAN
Type: Third Party Advisory
DSA-4759

Vulnerable Configuration:

Configuration 1:

cpe:/a:kde:ark:*:*:*:*:*:*:*:* (Version < 20.08.1)

Configuration 2:

cpe:/o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

OR cpe:/o:debian:debian_linux:10.0:*:*:*:*:*:*:*

OR cpe:/o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

OR cpe:/o:opensuse:leap:15.1:*:*:*:*:*:*:*

OR cpe:/o:fedoraproject:fedora:32:*:*:*:*:*:*:*

OR cpe:/o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*

OR cpe:/o:opensuse:leap:15.2:*:*:*:*:*:*:*

Configuration 3:

cpe:/o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 4:

cpe:/o:fedoraproject:fedora:33:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:kde:ark:20.08.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:202024654	V	CVE-2020-24654	2022-06-30
oval:org.opensuse.security:def:111974	P	ark-21.08.1-1.2 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:64804	P	Security update for ruby2.5 (Important)	2021-12-01
oval:org.opensuse.security:def:64594	P	Security update for python-Pygments (Important)	2021-10-20
oval:org.opensuse.security:def:64595	P	Security update for python (Moderate)	2021-10-20
oval:org.opensuse.security:def:105536	P	ark-21.08.1-1.2 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:63452	P	python2-ecdsa-0.13.3-3.3.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:63314	P	apache2-devel-2.4.43-3.17.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:62833	P	typelib-1_0-JavaScriptCore-4_0-2.32.0-3.15.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:63047	P	xstream-1.4.15-3.5.2 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:63550	P	libpskc-devel-2.6.2-1.15 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:64702	P	Security update for dhcp (Important)	2021-06-02
oval:org.opensuse.security:def:64501	P	Security update for lz4 (Important)	2021-05-19
oval:org.opensuse.security:def:64458	P	Security update for xen (Important)	2021-04-06
oval:org.opensuse.security:def:74567	P	Security update for python3 (Important)	2020-12-23
oval:org.opensuse.security:def:63079	P	gv-3.7.4-1.41 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62633	P	gdm-3.34.1-6.19 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62632	P	gdk-pixbuf-query-loaders-32bit-2.40.0-1.25 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63054	P	libnss_slurm2-20.02.3-1.7 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63257	P	davfs2-1.5.4-1.4 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62656	P	libXp6-32bit-1.0.3-1.24 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63112	P	aws-cli-1.18.38-8.8.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63051	P	libpmi0-18.08.5-1.30 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:74916	P	Security update for MozillaThunderbird (Important)	2020-12-01
oval:org.opensuse.security:def:64347	P	liblua5_3-5-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:64005	P	Security update for python-aws-sam-translator, python-boto3, python-botocore, python-cfn-lint, python-jsonschema, python-nose2, python-parameterized, python-pathlib2, python-pytest-cov, python-requests, python-s3transfer (Moderate)	2020-12-01
oval:org.opensuse.security:def:63900	P	Security update for xmltooling (Moderate)	2020-12-01
oval:org.opensuse.security:def:64974	P	Security update for gnutls (Important)	2020-12-01
oval:org.opensuse.security:def:64245	P	elfutils on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:63678	P	Security update for java-1_8_0-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:75049	P	Security update for ark (Moderate)	2020-12-01
oval:org.opensuse.security:def:64389	P	libssh2-1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:64139	P	Security update for xorg-x11-server (Important)	2020-12-01
oval:org.opensuse.security:def:63753	P	Security update for java-1_8_0-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:74441	P	Security update for MozillaFirefox, MozillaFirefox-branding-SLE (Important)	2020-12-01
oval:org.opensuse.security:def:64129	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:64862	P	Security update for python (Moderate)	2020-12-01
oval:org.opensuse.security:def:109698	P	Security update for ark (Moderate)	2020-09-01
oval:org.opensuse.security:def:103041	P	Security update for ark (Moderate)	2020-09-01
oval:org.opensuse.security:def:110191	P	Security update for ark (Moderate)	2020-09-01
oval:org.opensuse.security:def:93508	P	Security update for ark (Moderate)	2020-09-01
oval:org.opensuse.security:def:110744	P	Security update for ark (Moderate)	2020-09-01
oval:org.opensuse.security:def:96351	P	Security update for ark (Moderate)	2020-09-01
oval:org.opensuse.security:def:100221	P	Security update for ark (Moderate)	2020-09-01

BACK