[Bug 1171041] New: VUL-1: CVE-2020-12050: Packaging vulnerability in sqliteODBC exposing to local privilege escalation to root
http://bugzilla.suse.com/show_bug.cgi?id=1171041

            Bug ID: 1171041
           Summary: VUL-1: CVE-2020-12050: Packaging vulnerability in sqliteODBC exposing to local privilege escalation to root
    Classification: openSUSE
           Product: openSUSE Distribution
           Version: Leap 15.1
          Hardware: Other
                OS: Other
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: Security
          Assignee: mpluskal@suse.com
          Reporter: atoptsoglou@suse.com
        QA Contact: qa-bugs@suse.de
          Found By: ---
           Blocker: ---

CVE-2020-12050

SQLiteODBC 0.9996, as packaged for certain Linux distributions as 0.9996-4, has a race condition leading to root privilege escalation because any user can replace a /tmp/sqliteodbc$$ file with new contents that cause loading of an arbitrary library.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1825762
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12050
http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-12050.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12050
http://www.ch-werner.de/sqliteodbc/
https://sysdream.com/news/lab/