PT-2020-15900 · Checkinstall

Gianni Tedesco · Published 2020-08-31 · Updated 2020-09-04 · CVE-2020-25031

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

checkinstall version 1.6.2

Description

The issue arises when checkinstall is used to create a package that contains a symlink, which can lead to an executable file being created with mode 0777.

Recommendations

For checkinstall version 1.6.2, consider avoiding the creation of packages that contain symlinks until a fix is available. As a temporary workaround, manually adjust the permissions of created executable files to prevent unintended access.
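One way to apply the permissions workaround above to an unpacked package tree, as an added example that is not part of the original advisory or of checkinstall. The function names, the sample tree and the choice to clear the group and other write bits (0777 becomes 0755) are assumptions.

```python
import os
import stat
import tempfile

LOOSE = stat.S_IWGRP | stat.S_IWOTH  # bits cleared by the fix (assumed policy): 0777 -> 0755

def audit_tree(root, fix=False):
    """Return sorted (relative path, mode) pairs for world-writable regular files."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):  # does not descend into symlinked dirs
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: on Linux a symlink itself reports 0777, so skip it
            if not stat.S_ISREG(st.st_mode) or not st.st_mode & stat.S_IWOTH:
                continue
            mode = stat.S_IMODE(st.st_mode)
            findings.append((os.path.relpath(path, root), mode))
            if fix:
                # O_NOFOLLOW: refuse to chmod through a link swapped in after lstat
                fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
                try:
                    if stat.S_ISREG(os.fstat(fd).st_mode):
                        os.fchmod(fd, mode & ~LOOSE)
                finally:
                    os.close(fd)
    return sorted(findings)

def build_sample_tree():
    """Constructed sample tree: one 0777 file, one 0755 file, one symlink."""
    root = tempfile.mkdtemp(prefix="pkgroot-")
    bindir = os.path.join(root, "usr", "bin")
    os.makedirs(bindir)
    for name, mode in (("tool", 0o777), ("ok", 0o755)):
        path = os.path.join(bindir, name)
        with open(path, "w") as fh:
            fh.write("#!/bin/sh\n")
        os.chmod(path, mode)  # explicit chmod so the umask does not mask the bits
    os.symlink("tool", os.path.join(bindir, "link"))
    return root

if __name__ == "__main__":
    sample = build_sample_tree()
    for rel, mode in audit_tree(sample, fix=True):
        print(f"{rel}: {mode:04o} -> {mode & ~LOOSE:04o}")
```

Run it against the directory the package was unpacked into; the symlink is left untouched and only regular files are reported or changed.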

Exploit

Fix

Link Following

Weakness Enumeration

Related Identifiers

CVE-2020-25031

Affected Products

Debian
Checkinstall