CVE-2020-8017
race condition on texlive-filesystem cron job allows for the deletion of unintended files
Descriptions
A Race Condition Enabling Link Following vulnerability in the cron job shipped with texlive-filesystem of SUSE Linux Enterprise Module for Desktop Applications 15-SP1, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows local users in group mktex to delete arbitrary files on the system. This issue affects: SUSE Linux Enterprise Module for Desktop Applications 15-SP1 texlive-filesystem versions prior to 2017.135-9.5.1. SUSE Linux Enterprise Software Development Kit 12-SP4 texlive-filesystem versions prior to 2013.74-16.5.1. SUSE Linux Enterprise Software Development Kit 12-SP5 texlive-filesystem versions prior to 2013.74-16.5.1. openSUSE Leap 15.1 texlive-filesystem versions prior to 2017.135-lp151.8.3.1.
Timeline
- 2020-01-27 CVE Reserved
- 2020-04-02 CVE Published
- 2023-03-08 EPSS Updated
- 2024-09-17 CVE Updated
CWE
- CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition
References (2)
URL | Date | SRC |
---|---|---|
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00021.html | 2022-11-21 | |
https://bugzilla.suse.com/show_bug.cgi?id=1158910 | 2022-11-21 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|---|---|---|---|---|
Opensuse | Texlive-filesystem | < 2017.135-9.5.1 | - | Affected | in | Suse | Linux Enterprise Desktop | 15 | sp1 | Safe |
Opensuse | Texlive-filesystem | < 2013.74-16.5.1 | - | Affected | in | Suse | Linux Enterprise Software Development Kit | 12 | sp4 | Safe |
Opensuse | Texlive-filesystem | < 2013.74-16.5.1 | - | Affected | in | Suse | Linux Enterprise Software Development Kit | 12 | sp5 | Safe |
Opensuse | Texlive-filesystem | - | - | Affected | in | Suse | Linux Enterprise Desktop | 15 | - | Safe |
Opensuse | Texlive-filesystem | < 2017.135-lp151.8.3.1 | - | Affected | in | Opensuse | Leap | 15.1 | - | Safe |
Opensuse | Leap | 15.1 | - | Affected | | | | | | |