CVE-2020-15396

2020-06-30T12:15:00
ID CVE-2020-15396
Type cve
Reporter cve@mitre.org
Modified 2021-07-21T11:39:00

Description

In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. By winning a race, a local attacker could use this to escalate his privileges to root.