5 matches found
Linux Distros Unpatched Vulnerability : CVE-2020-28407
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In swtpm before 0.4.2 and 0.5.x before 0.5.1, a local attacker may be able to overwrite arbitrary files via a symlink attack against a temporary file such as...
RHEL 8 : 8.2_swtpm (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - swtpm: symlink issue may lead to privilege escalation CVE-2020-28407 Note that Nessus has not tested for this issue...
RHEL 8 : swtpm (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - swtpm: symlink issue may lead to privilege escalation CVE-2020-28407 - swtpm: Unchecked header size...
CVE-2020-28407
CVE-2020-28407 affects the TPM emulator product swtpm (versions before 0.4.2 and 0.5.x before 0.5.1). A local attacker can overwrite arbitrary files via a symlink attack against a temporary file (e.g., TMP2-00.permall). The issue is achievable with local access and does not require user interacti...
[ASA-202011-21] swtpm: privilege escalation
Arch Linux Security Advisory ASA-202011-21 ========================================== Severity: Medium Date : 2020-11-19 CVE-ID : CVE-2020-28407 Package : swtpm Type : privilege escalation Remote : No Link : https://security.archlinux.org/AVG-1282 Summary ======= The package swtpm before version...