PT-2020-19927 · Suse · Suse Linux Enterprise Server 15+5
Matthias Gerstner
·
Published
2020-08-07
·
Updated
2022-05-27
·
CVE-2020-8025
CVSS v3.1
9.3
Critical
| Vector | AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
SUSE Linux Enterprise Server 12-SP4 permissions versions prior to 20170707-3.24.1
SUSE Linux Enterprise Server 15-LTSS permissions versions prior to 20180125-3.27.1
SUSE Linux Enterprise Server for SAP 15 permissions versions prior to 20180125-3.27.1
openSUSE Leap 15.1 permissions versions prior to 20181116-lp151.4.24.1
openSUSE Tumbleweed permissions versions prior to 20200624
Description
A vulnerability in the permissions package of the affected systems sets the permissions for some of the directories of the pcp package to unintended settings. This issue is related to Incorrect Execution-Assigned Permissions.
Recommendations
For SUSE Linux Enterprise Server 12-SP4, update the permissions package to version 20170707-3.24.1 or later.
For SUSE Linux Enterprise Server 15-LTSS, update the permissions package to version 20180125-3.27.1 or later.
For SUSE Linux Enterprise Server for SAP 15, update the permissions package to version 20180125-3.27.1 or later.
For openSUSE Leap 15.1, update the permissions package to version 20181116-lp151.4.24.1 or later.
For openSUSE Tumbleweed, update the permissions package to version 20200624 or later.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Suse Linux Enterprise Server 12-Sp4
Suse Linux Enterprise Server 15
Suse Linux Enterprise Server For Sap 15
Suse
Opensuse Leap 15.1
Opensuse Tumbleweed