Unrated severityNVD Advisory· Published Jun 29, 2020· Updated Sep 17, 2024
Problematic permissions in hylafax+ packaging allow escalation from uucp to other users
CVE-2020-8024
Description
A Incorrect Default Permissions vulnerability in the packaging of hylafax+ of openSUSE Leap 15.2, openSUSE Leap 15.1, openSUSE Factory allows local attackers to escalate from user uucp to users calling hylafax binaries. This issue affects: openSUSE Leap 15.2 hylafax+ versions prior to 7.0.2-lp152.2.1. openSUSE Leap 15.1 hylafax+ version 5.6.1-lp151.3.7 and prior versions. openSUSE Factory hylafax+ versions prior to 7.0.2-2.1.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
6- osv-coords2 versionspkg:rpm/opensuse/hylafax+&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/hylafax+&distro=openSUSE%20Tumbleweed
< 7.0.2-lp151.4.3.1+ 1 more
- (no CPE)range: < 7.0.2-lp151.4.3.1
- (no CPE)range: < 7.0.3-5.1
- openSUSE/openSUSE Factoryv5Range: hylafax+
- openSUSE/openSUSE Leap 15.1v5Range: hylafax+
- openSUSE/openSUSE Leap 15.2v5Range: hylafax+
Patches
Vulnerability mechanics
References
2- lists.opensuse.org/opensuse-security-announce/2020-07/msg00022.htmlmitrevendor-advisoryx_refsource_SUSE
- bugzilla.suse.com/show_bug.cgimitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.