 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| CVE ID: | CVE-2020-10737 |
| Description: | A race condition was found in the mkhomedir tool shipped with the oddjob package in versions before 0.34.5 and 0.34.6 wherein, during the home creation, mkhomedir copies the /etc/skel directory into the newly created home and changes its ownership to the home's user without properly checking the homedir path. This flaw allows an attacker to leverage this issue by creating a symlink point to a target folder, which then has its ownership transferred to the new home directory's unprivileged user. |
| Test IDs: | 1.3.6.1.4.1.25623.1.1.2.2021.1334 1.3.6.1.4.1.25623.1.1.2.2020.2524 1.3.6.1.4.1.25623.1.1.2.2020.2086 1.3.6.1.4.1.25623.1.0.877869 1.3.6.1.4.1.25623.1.0.877835 1.3.6.1.4.1.25623.1.1.2.2020.2260 1.3.6.1.4.1.25623.1.1.12.2022.5169.1 |
| Cross References: |
Common Vulnerability Exposure (CVE) ID: CVE-2020-10737 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10737 https://pagure.io/oddjob/c/10b8aaa1564b723a005b53acc069df71313f4cac?branch |