CVE-2020-8024 Common Vulnerabilities and Exposures

Upstream information

CVE-2020-8024 at MITRE

Description

A Incorrect Default Permissions vulnerability in the packaging of hylafax+ of openSUSE Leap 15.2, openSUSE Leap 15.1, openSUSE Factory allows local attackers to escalate from user uucp to users calling hylafax binaries. This issue affects: openSUSE Leap 15.2 hylafax+ versions prior to 7.0.2-lp152.2.1. openSUSE Leap 15.1 hylafax+ version 5.6.1-lp151.3.7 and prior versions. openSUSE Factory hylafax+ versions prior to 7.0.2-2.1.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

SUSE Bugzilla entry: 1172731 [RESOLVED / FIXED]

SUSE Security Advisories:

openSUSE-SU-2020:0958-1, published Thu Dec 7 12:55:40 2023

List of released packages

Product(s)	Fixed package version(s)	References
SUSE Package Hub 15 SP1	`hylafax+ >= 7.0.3-bp151.6.8.1` `hylafax+-client >= 7.0.3-bp151.6.8.1` `libfaxutil7_0_3 >= 7.0.3-bp151.6.8.1`	Patchnames: openSUSE-2020-1711
SUSE Package Hub 15 SP2	`hylafax+ >= 7.0.3-bp152.3.8.1` `hylafax+-client >= 7.0.3-bp152.3.8.1` `libfaxutil7_0_3 >= 7.0.3-bp152.3.8.1`	Patchnames: openSUSE-2020-1714
openSUSE Leap 15.1	`hylafax+ >= 7.0.3-lp151.4.9.1` `hylafax+-client >= 7.0.3-lp151.4.9.1` `libfaxutil7_0_2 >= 7.0.2-lp151.4.3.1` `libfaxutil7_0_3 >= 7.0.3-lp151.4.9.1`	Patchnames: openSUSE-2020-1700 openSUSE-2020-958
openSUSE Leap 15.2	`hylafax+ >= 7.0.3-lp152.3.9.1` `hylafax+-client >= 7.0.3-lp152.3.9.1` `libfaxutil7_0_3 >= 7.0.3-lp152.3.9.1`	Patchnames: openSUSE-2020-1700
openSUSE Tumbleweed	`hylafax+ >= 7.0.3-5.1` `hylafax+-client >= 7.0.3-5.1` `libfaxutil7_0_3 >= 7.0.3-5.1`	Patchnames: openSUSE-Tumbleweed-2024-10852

SUSE Timeline for this CVE

CVE page created: Tue Jun 9 14:49:21 2020
CVE page last modified: Mon Sep 9 13:40:12 2024