CVE-2020-36657

NameCVE-2020-36657
Descriptionuptimed before 0.4.6-r1 on Gentoo allows local users (with access to the uptimed user account) to gain root privileges by creating a hard link within the /var/spool/uptimed directory, because there is an unsafe chown -R call.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
uptimed (PTS)bullseye1:0.4.3-1fixed
bookworm1:0.4.6-3fixed
forky, sid, trixie1:0.4.6-3.1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
uptimedsource(unstable)(not affected)

Notes

- uptimed <not-affected> (Gentoo-specific)
Search for package or bug name: Reporting problems