CVE-2020-13696
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2020-13696
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-13696.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2020-13696
- Related
- Published
- 2020-06-08T17:15:10Z
- Modified
- 2024-10-12T23:48:22.112391Z
- Severity
-
- 4.4 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
An issue was discovered in LinuxTV xawtv before 3.107. The function devopen() in v4l-conf.c does not perform sufficient checks to prevent an unprivileged caller of the program from opening unintended filesystem paths. This allows a local attacker with access to the v4l-conf setuid-root program to test for the existence of arbitrary files and to trigger an open on arbitrary files with mode ORDWR. To achieve this, relative path components need to be added to the device path, as demonstrated by a v4l-conf -c /dev/../root/.bash_history command.
- References
-
- https://git.linuxtv.org/xawtv3.git/commit/?id=31f31f9cbaee7be806cba38e0ff5431bd44b20a3
- https://git.linuxtv.org/xawtv3.git/commit/?id=36dc44e68e5886339b4a0fbe3f404fb1a4fd2292
- https://git.linuxtv.org/xawtv3.git/commit/?id=8e3feea862db68d3ca0886f46cd99fab45d2db7c
- http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00009.html
- http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00013.html
- http://www.openwall.com/lists/oss-security/2020/06/04/6
- https://lists.debian.org/debian-lts-announce/2020/06/msg00018.html
- https://bugzilla.suse.com/show_bug.cgi?id=CVE-2020-13696
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ELOXU5LXQSQOXX64D4BICZV3TQWOBXHC/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I7XWAO7W2DGA6M52JGK2TDWUGF62Q2KY/
- https://usn.ubuntu.com/4518-1/
- https://security-tracker.debian.org/tracker/CVE-2020-13696
Affected packages
Debian:11 / xawtv
Package
- Name
- xawtv
- Purl
- pkg:deb/debian/xawtv?arch=source
Debian:12 / xawtv
Package
- Name
- xawtv
- Purl
- pkg:deb/debian/xawtv?arch=source
Debian:13 / xawtv
Package
- Name
- xawtv
- Purl
- pkg:deb/debian/xawtv?arch=source