CVE-2020-13882

NameCVE-2020-13882
DescriptionCISOfy Lynis before 3.0.0 has Incorrect Access Control because of a TOCTOU race condition. The routine to check the log and report file permissions was not working as intended and could be bypassed locally. Because of the race, an unprivileged attacker can set up a log and report file, and control that up to the point where the specific routine is doing its check. After that, the file can be removed, recreated, and used for additional attacks.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitylow

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
lynis (PTS)stretch2.4.0-1vulnerable
buster2.6.2-1vulnerable
bullseye2.7.5-1vulnerable
sid3.0.0-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
lynissource(unstable)3.0.0-1unimportant

Notes

Neutralised by kernel hardening
https://github.com/CISOfy/lynis/pull/594
https://github.com/CISOfy/lynis/commit/5b09da0d9878096d45f04b858c4f65e674369ab4

Search for package or bug name: Reporting problems