cnvd - cnvd-2021-28785

cnvd-2021-28785

Vulnerability from cnvd

Title: oddjob路径遍历漏洞

Description:

oddjob是一款用于D-Bus的具有公共网关接口功能的软件包。

oddjob 0.34.5之前版本和0.34.6之前版本中的mkhomedir工具存在路径遍历漏洞，该漏洞源于在创建home目录期间，mkhomedir将/etc/skel目录复制到新创建的home目录中，并在没有正确检查homedir路径的情况下将其所有权更改为home用户。攻击者可借助特制的符号链接利用该漏洞提升权限。

Severity: 低

Patch Name: oddjob路径遍历漏洞的补丁

Patch Description:

oddjob是一款用于D-Bus的具有公共网关接口功能的软件包。

Formal description:

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://pagure.io/oddjob/c/10b8aaa1564b723a005b53acc069df71313f4cac?branch

Reference: https://access.redhat.com/security/cve/cve-2020-10737

Impacted products

Name
['oddjob oddjob <0.34.5', 'oddjob oddjob <0.34.6']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-10737"
    }
  },
  "description": "oddjob\u662f\u4e00\u6b3e\u7528\u4e8eD-Bus\u7684\u5177\u6709\u516c\u5171\u7f51\u5173\u63a5\u53e3\u529f\u80fd\u7684\u8f6f\u4ef6\u5305\u3002\n\noddjob 0.34.5\u4e4b\u524d\u7248\u672c\u548c0.34.6\u4e4b\u524d\u7248\u672c\u4e2d\u7684mkhomedir\u5de5\u5177\u5b58\u5728\u8def\u5f84\u904d\u5386\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5728\u521b\u5efahome\u76ee\u5f55\u671f\u95f4\uff0cmkhomedir\u5c06/etc/skel\u76ee\u5f55\u590d\u5236\u5230\u65b0\u521b\u5efa\u7684home\u76ee\u5f55\u4e2d\uff0c\u5e76\u5728\u6ca1\u6709\u6b63\u786e\u68c0\u67e5homedir\u8def\u5f84\u7684\u60c5\u51b5\u4e0b\u5c06\u5176\u6240\u6709\u6743\u66f4\u6539\u4e3ahome\u7528\u6237\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684\u7b26\u53f7\u94fe\u63a5\u5229\u7528\u8be5\u6f0f\u6d1e\u63d0\u5347\u6743\u9650\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://pagure.io/oddjob/c/10b8aaa1564b723a005b53acc069df71313f4cac?branch",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-28785",
  "openTime": "2021-04-16",
  "patchDescription": "oddjob\u662f\u4e00\u6b3e\u7528\u4e8eD-Bus\u7684\u5177\u6709\u516c\u5171\u7f51\u5173\u63a5\u53e3\u529f\u80fd\u7684\u8f6f\u4ef6\u5305\u3002\r\n\r\noddjob 0.34.5\u4e4b\u524d\u7248\u672c\u548c0.34.6\u4e4b\u524d\u7248\u672c\u4e2d\u7684mkhomedir\u5de5\u5177\u5b58\u5728\u8def\u5f84\u904d\u5386\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5728\u521b\u5efahome\u76ee\u5f55\u671f\u95f4\uff0cmkhomedir\u5c06/etc/skel\u76ee\u5f55\u590d\u5236\u5230\u65b0\u521b\u5efa\u7684home\u76ee\u5f55\u4e2d\uff0c\u5e76\u5728\u6ca1\u6709\u6b63\u786e\u68c0\u67e5homedir\u8def\u5f84\u7684\u60c5\u51b5\u4e0b\u5c06\u5176\u6240\u6709\u6743\u66f4\u6539\u4e3ahome\u7528\u6237\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684\u7b26\u53f7\u94fe\u63a5\u5229\u7528\u8be5\u6f0f\u6d1e\u63d0\u5347\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "oddjob\u8def\u5f84\u904d\u5386\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "oddjob oddjob \u003c0.34.5",
      "oddjob oddjob \u003c0.34.6"
    ]
  },
  "referenceLink": "https://access.redhat.com/security/cve/cve-2020-10737",
  "serverity": "\u4f4e",
  "submitTime": "2020-05-09",
  "title": "oddjob\u8def\u5f84\u904d\u5386\u6f0f\u6d1e"
}

CVE-2020-10737 (GCVE-0-2020-10737)

Vulnerability from cvelistv5

Published

2020-05-27 00:00

Modified

2024-08-04 11:14

Severity ?

6.3 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

CWE

CWE-362

Summary

A race condition was found in the mkhomedir tool shipped with the oddjob package in versions before 0.34.5 and 0.34.6 wherein, during the home creation, mkhomedir copies the /etc/skel directory into the newly created home and changes its ownership to the home's user without properly checking the homedir path. This flaw allows an attacker to leverage this issue by creating a symlink point to a target folder, which then has its ownership transferred to the new home directory's unprivileged user.

References

▼	URL	Tags
	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10737
	https://pagure.io/oddjob/c/10b8aaa1564b723a005b53acc069df71313f4cac?branch

Impacted products

	Vendor	Product	Version
	Red Hat	oddjob	Version: before 0.34.5 Version: before 0.34.6

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:14:14.865Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10737"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://pagure.io/oddjob/c/10b8aaa1564b723a005b53acc069df71313f4cac?branch"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "oddjob",
          "vendor": "Red Hat",
          "versions": [
            {
              "status": "affected",
              "version": "before 0.34.5"
            },
            {
              "status": "affected",
              "version": "before 0.34.6"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A race condition was found in the mkhomedir tool shipped with the oddjob package in versions before 0.34.5 and 0.34.6 wherein, during the home creation, mkhomedir copies the /etc/skel directory into the newly created home and changes its ownership to the home\u0027s user without properly checking the homedir path. This flaw allows an attacker to leverage this issue by creating a symlink point to a target folder, which then has its ownership transferred to the new home directory\u0027s unprivileged user."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-362",
              "description": "CWE-362",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-07T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10737"
        },
        {
          "url": "https://pagure.io/oddjob/c/10b8aaa1564b723a005b53acc069df71313f4cac?branch"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2020-10737",
    "datePublished": "2020-05-27T00:00:00",
    "dateReserved": "2020-03-20T00:00:00",
    "dateUpdated": "2024-08-04T11:14:14.865Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted