PT-2020-14408 · Hylafax+1 · Hylafax+2

Johannes Segitz

Published

2020-06-30

Updated

2024-06-15

CVE-2020-15396

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions HylaFAX+ versions prior to 7.0.3 HylaFAX Enterprise (affected versions not specified)

Description The issue allows a local attacker to potentially escalate privileges to root by exploiting a race condition in the faxsetup utility, which uses chown on files in user-owned directories.

Recommendations For HylaFAX+ versions prior to 7.0.3, update to version 7.0.3 or later to resolve the issue. For HylaFAX Enterprise, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Race Condition

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-362

Related Identifiers

CVE-2020-15396

MGASA-2020-0356

OPENSUSE-SU-2020:1209-1

OPENSUSE-SU-2020:1210-1

OPENSUSE-SU-2020:1231-1

OPENSUSE-SU-2020:1438-1

OPENSUSE-SU-2020_1209-1

OPENSUSE-SU-2020_1210-1

OPENSUSE-SU-2024:10852-1

Affected Products

Hylafax Enterprise

Hylafax

Suse

PT-2020-14408 · Hylafax+1 · Hylafax+2

CVE-2020-15396

Weakness Enumeration

Related Identifiers

Affected Products

References · 38