Security Advisory

CVE-2020-7040

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-01-21 20:03:11
Last updated 2024-08-04 09:18:02
Assigner mitre
State PUBLISHED

Description

storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBackup.lock pathname, which allows symlink attacks that possibly lead to privilege escalation. (Local users can also create a plain file named /tmp/storeBackup.lock to block use of storeBackup until an admin manually deletes that file.)
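Lock creation that resists both problems in the description, shown as an added example; it is not storeBackup's code or its fix. The `acquire_lock` function, the directory checks and the scratch-directory scenario are assumptions made for illustration.

```python
import os
import stat
import tempfile
LOCK_NAME = "storeBackup.lock"

def acquire_lock(lock_dir):
    """Atomically create the lock in a directory only the caller can write to."""
    st = os.lstat(lock_dir)
    # Refuse a symlinked, foreign-owned or group/world-writable directory:
    # other local users could pre-plant a symlink or a blocking file there.
    if (not stat.S_ISDIR(st.st_mode) or st.st_uid != os.geteuid()
            or st.st_mode & (stat.S_IWGRP | stat.S_IWOTH)):
        raise PermissionError(f"unsafe lock directory: {lock_dir}")
    # O_CREAT|O_EXCL fails if the name exists, even as a dangling symlink;
    # O_NOFOLLOW also refuses a symlink as the final path component.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
    fd = os.open(os.path.join(lock_dir, LOCK_NAME), flags, 0o600)
    os.write(fd, f"{os.getpid()}\n".encode())
    return fd

def demo():
    """Constructed scenario in a scratch directory; returns the outcomes."""
    out = {}
    with tempfile.TemporaryDirectory() as base:
        target = os.path.join(base, "target.conf")  # file the lock must never touch
        with open(target, "w") as f:
            f.write("original\n")
        shared = os.path.join(base, "shared")       # stands in for /tmp
        os.mkdir(shared)
        os.chmod(shared, 0o1777)
        try:
            os.close(acquire_lock(shared))
            out["shared_dir"] = "acquired"
        except PermissionError:
            out["shared_dir"] = "refused"
        private = os.path.join(base, "private")     # stands in for a private run dir
        os.mkdir(private, 0o700)
        link = os.path.join(private, LOCK_NAME)
        os.symlink(target, link)                    # pre-existing symlink at the lock path
        try:
            os.close(acquire_lock(private))
            out["symlink"] = "acquired"
        except FileExistsError:
            out["symlink"] = "refused"
        os.unlink(link)
        os.close(acquire_lock(private))
        out["clean"] = "acquired"
        with open(target) as f:
            out["target"] = f.read()
    return out
```

Keeping the lock in a directory that other local users cannot write to removes both the symlink vector and the blocking-file denial of service; the exclusive, no-follow open is a second layer if that directory is ever misconfigured.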