CVE-2020-35501 - log

CVE-2020-35501 edited at 18 Mar 2021 12:59:39
Description
A security issue was found in the Linux kernel. The open_by_handle_at syscall is not covered by the current file watch implementation of Auditd. This allows a local attacker with elevated privileges (CAP_DAC_READ_SEARCH capability) to read and modify files without being noticed by the implemented Auditd file watches.
+
+ This syscall can still be audited by using the 'syscall auditing feature' by passing open_by_handle_at to it in the rule. Existing auditing ruleset requirements generally use this mechanism.
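
The check below is an added example, not part of the tracker entry or of any project's code. It reads an audit.rules-style rule set and reports whether its file watches are backed by a syscall rule naming open_by_handle_at, assuming the usual auditctl rule syntax (`-w` for file watches, `-a always,exit ... -S` for syscall rules); the function names and sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example: check whether audit rules back their file watches (-w) with
# a syscall rule naming open_by_handle_at. All sample rules are constructed.

# rule_audits_handle_open RULE: succeeds if RULE is an always,exit syscall
# rule whose -S list contains open_by_handle_at (or "all").
rule_audits_handle_open() {
    set -f; set -- $1; set +f          # split the rule without globbing
    [ "$1" = "-a" ] || [ "$1" = "-A" ] || return 1
    case ",$2," in *,always,*) ;; *) return 1 ;; esac
    case ",$2," in *,exit,*) ;; *) return 1 ;; esac
    shift 2
    while [ $# -gt 1 ]; do
        if [ "$1" = "-S" ]; then
            case ",$2," in *,open_by_handle_at,*|*,all,*) return 0 ;; esac
        fi
        shift
    done
    return 1
}

# check_watch_coverage: reads rules on stdin, prints a verdict, and returns
# 1 only when file watches exist but no rule audits open_by_handle_at.
check_watch_coverage() {
    watches=0 covered=0
    while IFS= read -r rule || [ -n "$rule" ]; do
        case $rule in
            ''|'#'*) continue ;;
            '-w '*) watches=$((watches + 1)) ;;
        esac
        if rule_audits_handle_open "$rule"; then covered=1; fi
    done
    if [ "$covered" -eq 1 ]; then
        echo "covered: a syscall rule audits open_by_handle_at"
    elif [ "$watches" -gt 0 ]; then
        echo "gap: $watches file watch(es), no open_by_handle_at syscall rule"
        return 1
    else
        echo "no file watches found"
    fi
}

# Constructed rule sets: watches only, then the same watch plus a syscall rule.
sample_watch_only() {
    printf '%s\n' '-w /etc/shadow -p rwa -k shadow_access' \
        '-a always,exit -F arch=b64 -S open,openat -F auid>=1000 -k file_open'
}
sample_with_syscall_rule() {
    sample_watch_only
    printf '%s\n' '-a always,exit -F arch=b64 -S open_by_handle_at -k handle_open'
}

sample_watch_only | check_watch_coverage || true
sample_with_syscall_rule | check_watch_coverage
```

To check a real rule set, feed it to the function on stdin, for example the output of `auditctl -l` or the contents of the rules file in use.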
CVE-2020-35501 edited at 27 Feb 2021 23:41:38
References
https://www.openwall.com/lists/oss-security/2021/02/18/1
https://www.openwall.com/lists/oss-security/2021/02/18/3
+ https://lore.kernel.org/linux-audit/7230785.EvYhyI6sBW@x2/
+ https://github.com/linux-audit/audit-kernel/issues/9
CVE-2020-35501 edited at 19 Feb 2021 09:46:16
Severity
- Unknown
+ Low
Remote
- Unknown
+ Local
Type
- Unknown
+ Insufficient validation
Description
+ A security issue was found in the Linux kernel. The open_by_handle_at syscall is not covered by the current file watch implementation of Auditd. This allows a local attacker with elevated privileges (CAP_DAC_READ_SEARCH capability) to read and modify files without being noticed by the implemented Auditd file watches.
References
+ https://www.openwall.com/lists/oss-security/2021/02/18/1
+ https://www.openwall.com/lists/oss-security/2021/02/18/3
Notes
+ The validity of this CVE is disputed.
CVE-2020-35501 created at 19 Feb 2021 09:44:10