Home
Packages
Forums
Wiki
GitLab
Security
AUR
Download

issues
advisories
todo
stats
log
login

CVE-2020-15396 - log back

CVE-2020-15396 edited at 13 Jan 2021 21:02:17

Severity

-	Unknown
+	Medium

Remote

-	Unknown
+	Local

Type

-	Unknown
+	Privilege escalation

Description

+	In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. By winning a race, a local attacker could use this to escalate his privileges to root.

References

+	https://sourceforge.net/p/hylafax/HylaFAX+/2534/

Notes

CVE-2020-15396 created at 13 Jan 2021 21:01:03