CVE-2020-10737

NameCVE-2020-10737
DescriptionA race condition was found in the mkhomedir tool shipped with the oddjob package in versions before 0.34.5 and 0.34.6 wherein, during the home creation, mkhomedir copies the /etc/skel directory into the newly created home and changes its ownership to the home's user without properly checking the homedir path. This flaw allows an attacker to leverage this issue by creating a symlink point to a target folder, which then has its ownership transferred to the new home directory's unprivileged user.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
Debian Bugs960089

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
oddjob (PTS)stretch0.34.3-2vulnerable
bullseye, buster0.34.4-1vulnerable
sid0.34.6-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
oddjobsource(unstable)0.34.6-1960089

Notes

[buster] - oddjob <no-dsa> (Minor issue)
https://bugzilla.redhat.com/show_bug.cgi?id=1833042
https://pagure.io/oddjob/c/10b8aaa1564b723a005b53acc069df71313f4cac

Search for package or bug name: Reporting problems