Privilege Escalation via Hard Link Vulnerability in uptimed before 0.4.6-r1 on Gentoo

Privilege Escalation via Hard Link Vulnerability in uptimed before 0.4.6-r1 on Gentoo

CVE-2020-36657 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

uptimed before 0.4.6-r1 on Gentoo allows local users (with access to the uptimed user account) to gain root privileges by creating a hard link within the /var/spool/uptimed directory, because there is an unsafe chown -R call.

Learn more about our Cis Benchmark Audit For Debian Family Linux.