Unrated severityNVD Advisory· Published Jan 21, 2020· Updated Aug 4, 2024
CVE-2020-7040
CVE-2020-7040
Description
storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBackup.lock pathname, which allows symlink attacks that possibly lead to privilege escalation. (Local users can also create a plain file named /tmp/storeBackup.lock to block use of storeBackup until an admin manually deletes that file.)
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
6- storeBackup/storeBackupdescription
- Range: <=3.5
- osv-coords4 versionspkg:rpm/opensuse/storeBackup&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/storeBackup&distro=openSUSE%20Tumbleweedpkg:rpm/suse/storeBackup&distro=SUSE%20Package%20Hub%2015pkg:rpm/suse/storeBackup&distro=SUSE%20Package%20Hub%2015%20SP1
< 3.5-bp151.4.3.1+ 3 more
- (no CPE)range: < 3.5-bp151.4.3.1
- (no CPE)range: < 3.5-13.2
- (no CPE)range: < 3.5-bp151.4.3.1
- (no CPE)range: < 3.5-bp151.4.3.1
Patches
Vulnerability mechanics
References
10- lists.opensuse.org/opensuse-security-announce/2020-01/msg00054.htmlmitrevendor-advisoryx_refsource_SUSE
- usn.ubuntu.com/4508-1/mitrevendor-advisoryx_refsource_UBUNTU
- www.openwall.com/lists/oss-security/2020/01/20/3mitrex_refsource_MISC
- www.openwall.com/lists/oss-security/2020/01/21/2mitremailing-listx_refsource_MLIST
- www.openwall.com/lists/oss-security/2020/01/22/2mitremailing-listx_refsource_MLIST
- www.openwall.com/lists/oss-security/2020/01/22/3mitremailing-listx_refsource_MLIST
- www.openwall.com/lists/oss-security/2020/01/23/1mitremailing-listx_refsource_MLIST
- bugzilla.suse.com/show_bug.cgimitrex_refsource_MISC
- lists.debian.org/debian-lts-announce/2020/02/msg00003.htmlmitremailing-listx_refsource_MLIST
- seclists.org/oss-sec/2020/q1/20mitremailing-listx_refsource_MLIST
News mentions
0No linked articles in our index yet.