Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact
6
CVSSv3

CVE-2020-14367

Published: 24/08/2020 Updated: 07/11/2023
CVSS v2 Base Score: 3.6 | Impact Score: 4.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 6 | Impact Score: 5.2 | Exploitability Score: 0.8
VMScore: 320
Vector: AV:L/AC:L/Au:N/C:N/I:P/A:P

Vulnerability Summary

A flaw was found in chrony versions prior to 3.5.1 when creating the PID file under the /var/run/chrony folder. The file is created during chronyd startup while still running as the root user, and when it's opened for writing, chronyd does not check for an existing symbolic link with the same file name. This flaw allows an attacker with privileged access to create a symlink with the default PID file name pointing to any destination file in the system, resulting in data loss and a denial of service due to the path traversal.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

tuxfamily chrony

fedoraproject fedora 32

canonical ubuntu linux 18.04

canonical ubuntu linux 20.04

Vendor Advisories

Amazon Linux AMI: ALAS-2020-1431
A flaw was found in chrony when creating the PID file under the /var/run/chrony folder The file is created during chronyd startup while still running as the root user, and when it's opened for writing, chronyd does not check for an existing symbolic link with the same file name This flaw allows an attacker with privileged access to create a symli ...
Amazon Linux 2: ALAS2-2021-1575
A flaw was found in chrony when creating the PID file under the /var/run/chrony folder The file is created during chronyd startup while still running as the root user, and when it's opened for writing, chronyd does not check for an existing symbolic link with the same file name This flaw allows an attacker with privileged access to create a symli ...

Mailing Lists

Full Disclosure: chrony: CVE-2020-14367: unsafe pidfile creation allows privilege escalation from chrony user to root
Hello, chrony is a versatile implementation of the Network Time Protocol (NTP) [1] # Issue Description The following applies to chrony version 35 In chronyd's main() function the call to `write_pidfile()` is made with full root privileges, while the privilege drop logic is only performed later via `SYS_DropRoot()` The pidfile is created usi ...

Github Repositories

https://github.com/uemitarslan/suma_scripts

Simple python scripts for various purposes

suma_scripts Simple python scripts for various purposes cve_reportpy is used to report systems that are affected by specific CVE's A sample report looks like: /cvepy Please provide a CVE-ID: CVE-2020-14367 {'system_id': 'sumaprx-btcsusede', 'patch_status': 'AFFECTED_PATCH_INAPPLICABLE', 'channel_labels': ['sle-mo

References

CWE-59https://bugzilla.redhat.com/show_bug.cgi?id=1870298https://security.gentoo.org/glsa/202008-23https://usn.ubuntu.com/4475-1/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WKABKNLCSC3MACCWU6OM2YGWVWFWFMU/https://nvd.nist.govhttps://github.com/uemitarslan/suma_scriptshttps://alas.aws.amazon.com/ALAS-2020-1431.html
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
TCPCVE-2024-4577CVE-2024-2695CVE-2024-31870injectionCVE-2024-3813arbitrary codeCVE-2024-27801CVE-2024-30120
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook