Privilege Escalation via Hard Link Vulnerability in uptimed before 0.4.6-r1 on Gentoo
CVE-2020-36657 · HIGH Severity
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
uptimed before 0.4.6-r1 on Gentoo allows local users (with access to the uptimed user account) to gain root privileges by creating a hard link within the /var/spool/uptimed directory, because there is an unsafe chown -R call.
Learn more about our Cis Benchmark Audit For Debian Family Linux.