vulnerability

SUSE: CVE-2020-8013: SUSE Linux Security Advisory

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
2	(AV:L/AC:M/Au:N/C:N/I:P/A:N)	Feb 28, 2020	Mar 3, 2020	Oct 22, 2021

Severity

CVSS

(AV:L/AC:M/Au:N/C:N/I:P/A:N)

Published

Feb 28, 2020

Added

Mar 3, 2020

Modified

Oct 22, 2021

Description

A UNIX Symbolic Link (Symlink) Following vulnerability in chkstat of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 11 set permissions intended for specific binaries on other binaries because it erroneously followed symlinks. The symlinks can't be controlled by attackers on default systems, so exploitation is difficult. This issue affects: SUSE Linux Enterprise Server 12 permissions versions prior to 2015.09.28.1626-17.27.1. SUSE Linux Enterprise Server 15 permissions versions prior to 20181116-9.23.1. SUSE Linux Enterprise Server 11 permissions versions prior to 2013.1.7-0.6.12.1.

Solutions

suse-upgrade-permissionssuse-upgrade-permissions-zypp-plugin

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today