High Severity Vulnerability
This vulnerability has been rated as High severity. Immediate action is recommended.
CVE-2020-10174
HighVulnerability Description
init_tmp in TeeJee.FileSystem.vala in Timeshift before 20.03 unsafely reuses a preexisting temporary directory in the predictable location /tmp/timeshift. It follows symlinks in this location or uses directories owned by unprivileged users. Because Timeshift also executes scripts under this location, an attacker can attempt to win a race condition to replace scripts created by Timeshift with attacker-controlled scripts. Upon success, an attacker-controlled script is executed with full root privileges. This logic is practically always triggered when Timeshift runs regardless of the command-line arguments used.
CVSS Metrics
Common Vulnerability Scoring System
Vector String:
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Known Affected Software
4 configuration(s) from 2 vendor(s)
cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
References & Resources
-
http://www.openwall.com/lists/oss-security/2020/03/06/3cve@mitre.org Mailing List Third Party Advisory
-
https://bugzilla.suse.com/show_bug.cgi?id=1165802cve@mitre.org Issue Tracking Third Party Advisory
-
https://github.com/teejee2008/timeshift/commit/335b3d5398079278b8f7094c77bfd148b315b462cve@mitre.org Patch Third Party Advisory
-
https://github.com/teejee2008/timeshift/releases/tag/v20.03cve@mitre.org Release Notes Third Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AAOFXT64CEUMJE3723JDJWTEQWQUCYMD/cve@mitre.org
-
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SXDEPC52G46U6I7GLQNFLZXVSM7V2HYY/cve@mitre.org
-
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXXYQFSZ5P6ZMNFIDBAQKBFZIR2T7ZLL/cve@mitre.org
-
https://usn.ubuntu.com/4312-1/cve@mitre.org Third Party Advisory
-
http://www.openwall.com/lists/oss-security/2020/03/06/3af854a3a-2127-422b-91ae-364da2661108 Mailing List Third Party Advisory
-
https://bugzilla.suse.com/show_bug.cgi?id=1165802af854a3a-2127-422b-91ae-364da2661108 Issue Tracking Third Party Advisory
-
https://github.com/teejee2008/timeshift/commit/335b3d5398079278b8f7094c77bfd148b315b462af854a3a-2127-422b-91ae-364da2661108 Patch Third Party Advisory
-
https://github.com/teejee2008/timeshift/releases/tag/v20.03af854a3a-2127-422b-91ae-364da2661108 Release Notes Third Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AAOFXT64CEUMJE3723JDJWTEQWQUCYMD/af854a3a-2127-422b-91ae-364da2661108
-
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SXDEPC52G46U6I7GLQNFLZXVSM7V2HYY/af854a3a-2127-422b-91ae-364da2661108
-
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXXYQFSZ5P6ZMNFIDBAQKBFZIR2T7ZLL/af854a3a-2127-422b-91ae-364da2661108
-
https://usn.ubuntu.com/4312-1/af854a3a-2127-422b-91ae-364da2661108 Third Party Advisory
Severity Details
Weakness Type (CWE)
Improper Link Resolution Before File Access ('Link Following')
- Description
- The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
- Exploit Likelihood
- Medium
- Typical Severity
- Medium
- Abstraction Level
- Base
Key Information
- Published Date
- March 05, 2020
