PT-2020-5139 · Suse · Suse Linux Enterprise Server+1
Malte Kraus · Published 2020-02-17 · Updated 2024-06-15 · CVE-2020-8013
CVSS v3.1: 2.5 (Low)
Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
SUSE Linux Enterprise Server 12 versions prior to 2015.09.28.1626-17.27.1
SUSE Linux Enterprise Server 15 versions prior to 20181116-9.23.1
SUSE Linux Enterprise Server 11 versions prior to 2013.1.7-0.6.12.1
Description
A UNIX symbolic link (symlink) following issue in chkstat affects SUSE Linux Enterprise Server: because chkstat erroneously follows symlinks, it can set permissions intended for specific binaries on other binaries. Exploitation is difficult, however, since attackers cannot control the symlinks on default systems. The underlying weakness is improper link resolution before file access, which may allow an attacker to elevate their privileges.
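The weakness class described above, as an added example that is not chkstat's code or SUSE's fix: a path-based `chmod()` that follows a symlink, next to a descriptor-based variant that refuses one. The function names and the scratch directory under `/tmp` are assumptions made for the demonstration.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak pattern: chmod() resolves symlinks, so the mode lands on the link's
 * target instead of the file the permission entry names. */
int set_mode_following(const char *path, mode_t mode) { return chmod(path, mode); }

/* Hardened pattern: pin the object with O_NOFOLLOW, check it through the
 * descriptor, then fchmod() that descriptor (no second path lookup). This demo
 * accepts regular files only. O_NOFOLLOW guards just the final component;
 * untrusted parent directories also need a per-component openat() walk. */
int set_mode_nofollow(const char *path, mode_t mode)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0)
        return -1; /* ELOOP when the final component is a symlink */
    int ok = fstat(fd, &st) == 0 && S_ISREG(st.st_mode) && fchmod(fd, mode) == 0;
    close(fd);
    return ok ? 0 : -1;
}

/* Constructed scenario: scratch dir with "target" (0600) and "lnk" -> target.
 * Applies 0644 to "lnk", stores the call's result in *rc and returns the
 * target's resulting permission bits (-1 if setup fails). */
int demo(int hardened, int *rc)
{
    char dir[] = "/tmp/chkstat-demo-XXXXXX", target[64], lnk[64];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(lnk, sizeof lnk, "%s/lnk", dir);
    int fd = open(target, O_CREAT | O_WRONLY, 0600);
    if (fd < 0 || fchmod(fd, 0600) != 0 || symlink(target, lnk) != 0) return -1;
    close(fd);
    *rc = hardened ? set_mode_nofollow(lnk, 0644) : set_mode_following(lnk, 0644);
    int m = stat(target, &st) == 0 ? (int)(st.st_mode & 07777) : -1;
    unlink(lnk); unlink(target); rmdir(dir);
    return m;
}

int main(void)
{
    for (int h = 0; h < 2; h++) {
        int rc = 0, m = demo(h, &rc);
        printf("hardened=%d rc=%d target mode=%o\n", h, rc, m);
    }
}
```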
Recommendations
For SUSE Linux Enterprise Server 12 versions prior to 2015.09.28.1626-17.27.1, update to a version newer than 2015.09.28.1626-17.27.1 to resolve the issue.
For SUSE Linux Enterprise Server 15 versions prior to 20181116-9.23.1, update to a version newer than 20181116-9.23.1 to resolve the issue.
For SUSE Linux Enterprise Server 11 versions prior to 2013.1.7-0.6.12.1, update to a version newer than 2013.1.7-0.6.12.1 to resolve the issue.
Fix
Link Following
Affected Products
Suse Linux Enterprise Server
Suse