CVE-2020-10737

A race condition was found in the mkhomedir tool shipped with the oddjob package in versions before 0.34.5 and 0.34.6 wherein, during the home creation, mkhomedir copies the /etc/skel directory into the newly created home and changes its ownership to the home's user without properly checking the homedir path. This flaw allows an attacker to leverage this issue by creating a symlink point to a target folder, which then has its ownership transferred to the new home directory's unprivileged user.

CVSS v3.0 6.3 MEDIUM
CVSS v2.0 3.7 LOW

6.3^/10

CVSS v3.0 : MEDIUM

Vector :

Exploitability : 0.3 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

3.7^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:H/Au:N/C:P/I:P/A:P

Exploitability : 1.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://pagure.io/oddjob/c/10b8aaa1564b723a005b53acc069df71313f4cac?branch	Patch Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10737	Issue Tracking Vendor Advisory

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:redhat:oddjob:*:*:*:*:*:*:*:*

Information

Published : 2020-05-26 18:15

Updated : 2022-12-02 18:26

NVD link : CVE-2020-10737

Mitre link : CVE-2020-10737

JSON object : View

CWE

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Advertisement

Products Affected

redhat

oddjob

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://pagure.io/oddjob/c/10b8aaa1564b723a005b53acc069df71313f4cac?branch", "name": "https://pagure.io/oddjob/c/10b8aaa1564b723a005b53acc069df71313f4cac?branch", "tags": ["Patch", "Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10737", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10737", "tags": ["Issue Tracking", "Vendor Advisory"], "refsource": "CONFIRM"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "A race condition was found in the mkhomedir tool shipped with the oddjob package in versions before 0.34.5 and 0.34.6 wherein, during the home creation, mkhomedir copies the /etc/skel directory into the newly created home and changes its ownership to the home's user without properly checking the homedir path. This flaw allows an attacker to leverage this issue by creating a symlink point to a target folder, which then has its ownership transferred to the new home directory's unprivileged user."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-362"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2020-10737", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 3.7, "accessVector": "LOCAL", "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "LOW", "acInsufInfo": false, "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 1.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.3}}, "publishedDate": "2020-05-27T01:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:redhat:oddjob:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "0.34.5"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2022-12-03T02:26Z"}