Unrated severityNVD Advisory· Published Jun 30, 2020· Updated Aug 4, 2024
CVE-2020-15396
CVE-2020-15396
Description
In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. By winning a race, a local attacker could use this to escalate his privileges to root.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
7- HylaFAX/HylaFAX+description
- osv-coords5 versionspkg:rpm/opensuse/hylafax+&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/hylafax+&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/hylafax+&distro=openSUSE%20Tumbleweedpkg:rpm/suse/hylafax+&distro=SUSE%20Package%20Hub%2015%20SP1pkg:rpm/suse/hylafax+&distro=SUSE%20Package%20Hub%2015%20SP2
< 7.0.3-lp151.4.6.1+ 4 more
- (no CPE)range: < 7.0.3-lp151.4.6.1
- (no CPE)range: < 7.0.3-lp152.3.6.1
- (no CPE)range: < 7.0.3-5.1
- (no CPE)range: < 7.0.3-bp151.6.4.1
- (no CPE)range: < 7.0.3-bp152.3.4.1
Patches
Vulnerability mechanics
References
9- lists.opensuse.org/opensuse-security-announce/2020-08/msg00039.htmlmitrevendor-advisoryx_refsource_SUSE
- lists.opensuse.org/opensuse-security-announce/2020-08/msg00040.htmlmitrevendor-advisoryx_refsource_SUSE
- lists.opensuse.org/opensuse-security-announce/2020-08/msg00046.htmlmitrevendor-advisoryx_refsource_SUSE
- lists.opensuse.org/opensuse-security-announce/2020-09/msg00054.htmlmitrevendor-advisoryx_refsource_SUSE
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J52QFVREJWJ35YSEEDDRMZQ2LM2H2WE6/mitrevendor-advisoryx_refsource_FEDORA
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y46FOVJUS5SO44A2VEKR7DXEHTI4WK5L/mitrevendor-advisoryx_refsource_FEDORA
- security.gentoo.org/glsa/202007-06mitrevendor-advisoryx_refsource_GENTOO
- bugzilla.suse.com/show_bug.cgimitrex_refsource_MISC
- sourceforge.net/p/hylafax/HylaFAX+/2534/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.