CVE-2020-8013 permissions: chkstat sets unintended setuid/capabilities for mrsh and wodim

🗓️ 02 Mar 2020 16:35:13Reported by suseType

CHKSTAT sets unintended setuid/capabilities for mrsh and wodi

Reporter	Title	Published	Views	Family All 31
BDU FSTEC	The vulnerability of the chkstat tool for checking and installing access rights for files on SUSE Linux Enterprise Server allows a perpetrator to increase their privileges.	18 Dec 202000:00	–	bdu_fstec
CVE	CVE-2020-8013	2 Mar 202016:35	–	cve
EUVD	EUVD-2020-28926	7 Oct 202500:30	–	euvd
NVD	CVE-2020-8013	2 Mar 202017:15	–	nvd
Tenable Nessus	openSUSE Security Update : permissions (openSUSE-2020-302)	6 Mar 202000:00	–	nessus
Tenable Nessus	openSUSE 15 Security Update : permissions (openSUSE-SU-2021:1520-1)	3 Dec 202100:00	–	nessus
Tenable Nessus	SUSE SLES12 Security Update : permissions (SUSE-SU-2020:0545-1)	2 Mar 202000:00	–	nessus
Tenable Nessus	SUSE SLED15 / SLES15 Security Update : permissions (SUSE-SU-2020:0547-1)	2 Mar 202000:00	–	nessus
Tenable Nessus	SUSE SLES15 Security Update : permissions (SUSE-SU-2020:1163-1)	7 May 202000:00	–	nessus
Tenable Nessus	SUSE SLES12 Security Update : permissions (SUSE-SU-2021:2280-1)	10 Jul 202100:00	–	nessus

[
  {
    "product": "SUSE Linux Enterprise Server 12",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "2015.09.28.1626-17.27.1",
        "status": "affected",
        "version": "permissions",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "SUSE Linux Enterprise Server 15",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "20181116-9.23.1",
        "status": "affected",
        "version": "permissions",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "SUSE Linux Enterprise Server 11",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "2013.1.7-0.6.12.1",
        "status": "affected",
        "version": "permissions",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
lists	www.lists.opensuse.org/opensuse-security-announce/2020-03/msg00010.html
bugzilla	www.bugzilla.suse.com/show_bug.cgi

19 Nov 2020 17:09Current

4Medium risk

Vulners AI Score4

CVSS 3.12.2

EPSS0.00053

CWE-59