CVE-2020-36657

Name of the Vulnerable Software and Affected Versions uptimed versions prior to 0.4.6-r1

Description The issue allows local users with access to the uptimed user account to gain root privileges. This is achieved by creating a hard link within the /var/spool/uptimed directory, taking advantage of an unsafe chown -R call.

Recommendations For versions prior to 0.4.6-r1, update to version 0.4.6-r1 or later to resolve the issue. As a temporary workaround, consider restricting access to the /var/spool/uptimed directory to prevent the creation of hard links.