CVE-2020-10174
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
init_tmp in TeeJee.FileSystem.vala in Timeshift before 20.03 unsafely reuses a preexisting temporary directory in the predictable location /tmp/timeshift. It follows symlinks in this location or uses directories owned by unprivileged users. Because Timeshift also executes scripts under this location, an attacker can attempt to win a race condition to replace scripts created by Timeshift with attacker-controlled scripts. Upon success, an attacker-controlled script is executed with full root privileges. This logic is practically always triggered when Timeshift runs regardless of the command-line arguments used.
init_tmp en TeeJee.FileSystem.vala en Timeshift versiones anteriores a 20.03, reutiliza de forma no segura un directorio temporal preexistente en la ubicación predecible /tmp/timeshift. Sigue los enlaces simbólicos en esta ubicación o usa directorios propiedad de los usuarios sin privilegios. Debido a que Timeshift también ejecuta scripts bajo esta ubicación, un atacante puede intentar ganar una condición de carrera para sustituir los scripts creados mediante Timeshift con scripts controlados por el atacante. Tras el éxito, un script controlado por el atacante es ejecutado con todos los privilegios root. Esta lógica es siempre activada prácticamente cuando Timeshift se ejecuta independientemente de los argumentos de línea de comando utilizados.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-03-05 CVE Reserved
- 2020-03-05 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-59: Improper Link Resolution Before File Access ('Link Following')
- CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2020/03/06/3 | Mailing List |
|
| https://bugzilla.suse.com/show_bug.cgi?id=1165802 | Issue Tracking | |
| https://github.com/teejee2008/timeshift/releases/tag/v20.03 | Release Notes |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/teejee2008/timeshift/commit/335b3d5398079278b8f7094c77bfd148b315b462 | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Timeshift Project Search vendor "Timeshift Project" | Timeshift Search vendor "Timeshift Project" for product "Timeshift" | < 20.03 Search vendor "Timeshift Project" for product "Timeshift" and version " < 20.03" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 30 Search vendor "Fedoraproject" for product "Fedora" and version "30" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 31 Search vendor "Fedoraproject" for product "Fedora" and version "31" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 32 Search vendor "Fedoraproject" for product "Fedora" and version "32" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 19.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "19.10" | - |
Affected
| ||||||