Debian Bug report logs -
#953385
timeshift: CVE-2020-10174
Reply or subscribe to this bug.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, team@security.debian.org, Yanhao Mo <yanhaocs@gmail.com>
:
Bug#953385
; Package src:timeshift
.
(Sun, 08 Mar 2020 20:33:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>
:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, team@security.debian.org, Yanhao Mo <yanhaocs@gmail.com>
.
(Sun, 08 Mar 2020 20:33:04 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Source: timeshift
Version: 19.01+ds-2.1
Severity: important
Tags: security upstream
Control: found -1 19.01+ds-2
Hi,
The following vulnerability was published for timeshift.
CVE-2020-10174[0]:
| init_tmp in TeeJee.FileSystem.vala in Timeshift before 20.03 unsafely
| reuses a preexisting temporary directory in the predictable location
| /tmp/timeshift. It follows symlinks in this location or uses
| directories owned by unprivileged users. Because Timeshift also
| executes scripts under this location, an attacker can attempt to win a
| race condition to replace scripts created by Timeshift with attacker-
| controlled scripts. Upon success, an attacker-controlled script is
| executed with full root privileges. This logic is practically always
| triggered when Timeshift runs regardless of the command-line arguments
| used.
Note that this seem not to be mitigated by the default enabled
fs.protected_symlinks kernel hardening.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2020-10174
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10174
[1] https://www.openwall.com/lists/oss-security/2020/03/06/3
[2] https://bugzilla.suse.com/show_bug.cgi?id=1165802
[3] https://github.com/teejee2008/timeshift/commit/335b3d5398079278b8f7094c77bfd148b315b462
Regards,
Salvatore
Marked as found in versions timeshift/19.01+ds-2.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to submit@bugs.debian.org
.
(Sun, 08 Mar 2020 20:33:04 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Mon Mar 9 08:34:20 2020;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.