ROSA LABROSA-SA-2021-1934Advisory ROSA-SA-2021-1934
CVSS2
Attack Vector
LOCAL
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:H/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
12.6%
Software: oddjob 0.31.5
OS: Cobalt 7.9
CVE-ID: CVE-2020-10737
CVE-Crit: MEDIUM
CVE-DESC: A race condition was discovered in the mkhomedir tool provided with the oddjob package in versions prior to 0.34.5 and 0.34.6, whereby during the creation of the home directory, mkhomedir copies the / etc / skel directory to the newly created home directory and changes its ownership to the home user without properly checking the homedir path. This flaw allows an attacker to exploit this problem by creating a symbolic link point to the target folder, ownership of which is then transferred to an unprivileged user of the new home directory.
CVE-STATUS: default
CVE-REV: default
Related
CVSS2
Attack Vector
LOCAL
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:H/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
12.6%