Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact
4.4
CVSSv3

CVE-2020-13696

Published: 08/06/2020 Updated: 07/11/2023
CVSS v2 Base Score: 3.6 | Impact Score: 4.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 4.4 | Impact Score: 2.5 | Exploitability Score: 1.8
VMScore: 320
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:N

Vulnerability Summary

An issue exists in LinuxTV xawtv prior to 3.107. The function dev_open() in v4l-conf.c does not perform sufficient checks to prevent an unprivileged caller of the program from opening unintended filesystem paths. This allows a local attacker with access to the v4l-conf setuid-root program to test for the existence of arbitrary files and to trigger an open on arbitrary files with mode O_RDWR. To achieve this, relative path components need to be added to the device path, as demonstrated by a v4l-conf -c /dev/../root/.bash_history command.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

linuxtv xawtv

debian debian linux 8.0

opensuse leap 15.1

opensuse backports sle 15.0

fedoraproject fedora 31

fedoraproject fedora 32

canonical ubuntu linux 16.04

Vendor Advisories

Debian CVElist Bug Report Logs: xawtv: CVE-2020-13696
Debian Bug report logs - #962221 xawtv: CVE-2020-13696 Package: src:xawtv; Maintainer for src:xawtv is Debian Multimedia Maintainers <debian-multimedia@listsdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 4 Jun 2020 17:33:01 UTC Severity: grave Tags: security, upstream Found in versio ...

Mailing Lists

Full Disclosure: xawtv: CVE-2020-13696: v4l-conf setuid-root program allows file existence tests and open(..., O_RDRW) on arbitrary files
Hallo, xawtv [1] contains a setuid-root program called `v4l-conf` that is supposed to allow regular users to configure v4l devices xawtv is pretty old code but it is stilled shipped on some distributions like Debian and openSUSE Vulnerability Description ========================= While checking the source code of `v4l-conf` I noticed that it a ...

References

CWE-863https://git.linuxtv.org/xawtv3.git/commit/?id=31f31f9cbaee7be806cba38e0ff5431bd44b20a3http://www.openwall.com/lists/oss-security/2020/06/04/6https://git.linuxtv.org/xawtv3.git/commit/?id=36dc44e68e5886339b4a0fbe3f404fb1a4fd2292https://bugzilla.suse.com/show_bug.cgi?id=CVE-2020-13696https://git.linuxtv.org/xawtv3.git/commit/?id=8e3feea862db68d3ca0886f46cd99fab45d2db7chttp://lists.opensuse.org/opensuse-security-announce/2020-06/msg00013.htmlhttp://lists.opensuse.org/opensuse-security-announce/2020-06/msg00009.htmlhttps://lists.debian.org/debian-lts-announce/2020/06/msg00018.htmlhttps://usn.ubuntu.com/4518-1/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ELOXU5LXQSQOXX64D4BICZV3TQWOBXHC/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I7XWAO7W2DGA6M52JGK2TDWUGF62Q2KY/https://nvd.nist.govhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962221
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23692CVE-2012-1823memory leakCVE-2024-0627CVE-2024-31402privilege escalationCVE-2024-36418remote code executionCVE-2024-27844
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook