Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.9
CVSSv2

CVE-2020-10174

Published: 05/03/2020 Updated: 07/11/2023
CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4
CVSS v3 Base Score: 7 | Impact Score: 5.9 | Exploitability Score: 1
VMScore: 614
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Subscribe to Timeshift Project

Vulnerability Summary

init_tmp in TeeJee.FileSystem.vala in Timeshift prior to 20.03 unsafely reuses a preexisting temporary directory in the predictable location /tmp/timeshift. It follows symlinks in this location or uses directories owned by unprivileged users. Because Timeshift also executes scripts under this location, an attacker can attempt to win a race condition to replace scripts created by Timeshift with attacker-controlled scripts. Upon success, an attacker-controlled script is executed with full root privileges. This logic is practically always triggered when Timeshift runs regardless of the command-line arguments used.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

timeshift project timeshift

fedoraproject fedora 30

fedoraproject fedora 31

fedoraproject fedora 32

canonical ubuntu linux 19.10

Vendor Advisories

Debian CVElist Bug Report Logs: timeshift: CVE-2020-10174
Debian Bug report logs - #953385 timeshift: CVE-2020-10174 Package: src:timeshift; Maintainer for src:timeshift is Yanhao Mo <yanhaocs@gmailcom>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 8 Mar 2020 20:33:02 UTC Severity: important Tags: security, upstream Found in versions timeshift/1901+d ...
Ubuntu Security Notice: Timeshift vulnerability
Timeshift could be made to run programs as an administrator ...

Mailing Lists

Full Disclosure: CVE-2020-10174: timeshift: arbitrary local code execution due to unsafe usage of temporary directory in /tmp/timeshift
<!--X-Body-Begin--> <!--X-User-Header--> oss-sec mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> CVE-2020-10174: timeshift: arbitrary local code execution due to unsafe usage of temporary directory in /tmp/timeshift <!--X-S ...

References

CWE-362CWE-59https://github.com/teejee2008/timeshift/releases/tag/v20.03https://bugzilla.suse.com/show_bug.cgi?id=1165802https://github.com/teejee2008/timeshift/commit/335b3d5398079278b8f7094c77bfd148b315b462http://www.openwall.com/lists/oss-security/2020/03/06/3https://usn.ubuntu.com/4312-1/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXXYQFSZ5P6ZMNFIDBAQKBFZIR2T7ZLL/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SXDEPC52G46U6I7GLQNFLZXVSM7V2HYY/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AAOFXT64CEUMJE3723JDJWTEQWQUCYMD/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953385https://usn.ubuntu.com/4312-1/https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895blind SQL injectionCVE-2024-5064CVE-2023-52677CVE-2023-52682CVE-2024-30051CVE-2024-35849remote attackersremote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook