Upstream information

CVE-2020-8024 at MITRE


A Incorrect Default Permissions vulnerability in the packaging of hylafax+ of openSUSE Leap 15.2, openSUSE Leap 15.1, openSUSE Factory allows local attackers to escalate from user uucp to users calling hylafax binaries. This issue affects: openSUSE Leap 15.2 hylafax+ versions prior to 7.0.2-lp152.2.1. openSUSE Leap 15.1 hylafax+ version 5.6.1-lp151.3.7 and prior versions. openSUSE Factory hylafax+ versions prior to 7.0.2-2.1.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 6.8
Vector AV:N/AC:M/Au:N/C:P/I:P/A:P
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact Partial
CVSS v3 Scores
  National Vulnerability Database
Base Score 5.3
Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Attack Vector Local
Attack Complexity Low
Privileges Required None
User Interaction Required
Scope Unchanged
Confidentiality Impact Low
Integrity Impact Low
Availability Impact Low
CVSSv3 Version 3.1
SUSE Bugzilla entry: 1172731 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Package Hub 15 SP1
  • hylafax+ >= 7.0.3-bp151.6.8.1
  • hylafax+-client >= 7.0.3-bp151.6.8.1
  • libfaxutil7_0_3 >= 7.0.3-bp151.6.8.1
SUSE Package Hub 15 SP2
  • hylafax+ >= 7.0.3-bp152.3.8.1
  • hylafax+-client >= 7.0.3-bp152.3.8.1
  • libfaxutil7_0_3 >= 7.0.3-bp152.3.8.1
openSUSE Leap 15.1
  • hylafax+ >= 7.0.3-lp151.4.9.1
  • hylafax+-client >= 7.0.3-lp151.4.9.1
  • libfaxutil7_0_2 >= 7.0.2-lp151.4.3.1
  • libfaxutil7_0_3 >= 7.0.3-lp151.4.9.1
openSUSE Leap 15.2
  • hylafax+ >= 7.0.3-lp152.3.9.1
  • hylafax+-client >= 7.0.3-lp152.3.9.1
  • libfaxutil7_0_3 >= 7.0.3-lp152.3.9.1
openSUSE Tumbleweed
  • hylafax+ >= 7.0.3-5.1
  • hylafax+-client >= 7.0.3-5.1
  • libfaxutil7_0_3 >= 7.0.3-5.1
openSUSE Tumbleweed GA hylafax+-7.0.3-5.1

SUSE Timeline for this CVE

CVE page created: Tue Jun 9 14:49:21 2020
CVE page last modified: Thu Dec 7 13:27:29 2023