Unrated severityNVD Advisory· Published Aug 7, 2020· Updated Sep 16, 2024

outdated entries in permissions profiles for /var/lib/pcp/tmp/* may cause security issues

CVE-2020-8025

Description

A Incorrect Execution-Assigned Permissions vulnerability in the permissions package of SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Tumbleweed sets the permissions for some of the directories of the pcp package to unintended settings. This issue affects: SUSE Linux Enterprise Server 12-SP4 permissions versions prior to 20170707-3.24.1. SUSE Linux Enterprise Server 15-LTSS permissions versions prior to 20180125-3.27.1. SUSE Linux Enterprise Server for SAP 15 permissions versions prior to 20180125-3.27.1. openSUSE Leap 15.1 permissions versions prior to 20181116-lp151.4.24.1. openSUSE Tumbleweed permissions versions prior to 20200624.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

SUSE S.A./permissionsllm-fuzzy
osv-coords8 versions
pkg:rpm/opensuse/pcp&distro=openSUSE%20Leap%2015.3 pkg:rpm/opensuse/pcp&distro=openSUSE%20Leap%2015.4 pkg:rpm/suse/pcp&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS pkg:rpm/suse/pcp&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS pkg:rpm/suse/pcp&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS pkg:rpm/suse/pcp&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015 pkg:rpm/suse/pcp&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 pkg:rpm/suse/permissions&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2
< 3.11.9-150000.5.14.1+ 7 more
- (no CPE)range: < 3.11.9-150000.5.14.1
- (no CPE)range: < 3.11.9-150000.5.14.1
- (no CPE)range: < 3.11.9-5.11.5
- (no CPE)range: < 3.11.9-5.11.5
- (no CPE)range: < 3.11.9-5.11.5
- (no CPE)range: < 3.11.9-5.11.5
- (no CPE)range: < 3.11.9-6.17.1
- (no CPE)range: < 20181224-23.3.1
openSUSE/openSUSE Leap 15.1v5
Range: permissions
openSUSE/openSUSE Tumbleweedv5
Range: permissions
SUSE S.A./Linux Enterprise Servercpe-rescue2 versions
permissions+ 1 more
- (no CPE)range: permissions
- (no CPE)range: permissions
SUSE S.A./Linux Enterprise For Sapcpe-rescue
Range: permissions

Patches

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

bugzilla.suse.com/show_bug.cgimitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000