CVE-2017-20148

CVE-2017-20148

Name

CVE-2017-20148

Description

In the ebuild package through logcheck-1.3.23.ebuild for Logcheck on Gentoo, it is possible to achieve root privilege escalation from the logcheck user because of insecure recursive chown calls.

NVD Severity

high

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
MISC	https://bugs.gentoo.org/630752
GENTOO	https://security.gentoo.org/glsa/202209-10

Type

URI

MISC

https://bugs.gentoo.org/630752

GENTOO

https://security.gentoo.org/glsa/202209-10

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:debian:logcheck::::::::`	logcheck	>= None	<= 1.3.23

CPE URI

Source package

Min version

Max version

cpe:2.3:a:debian:logcheck:*:*:*:*:*:*:*:*

logcheck

>= None

<= 1.3.23

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
logcheck	3.16-main	1.3.23-r1	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
logcheck	3.15-main	1.3.23-r1	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
logcheck	3.14-main	1.3.23-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
logcheck	3.13-main	1.3.20-r1	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

logcheck

3.16-main

1.3.23-r1

Natanael Copa <ncopa@alpinelinux.org>

possibly vulnerable

logcheck

3.15-main