CVE-2020-7040

storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBackup.lock pathname, which allows symlink attacks that possibly lead to privilege escalation. (Local users can also create a plain file named /tmp/storeBackup.lock to block use of storeBackup until an admin manually deletes that file.)
Link Following
Severity
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Atk. Vector
NETWORK
Atk. Complexity
HIGH
Priv. Required
NONE
Base Score
CVSS 3.x
EPSS Score
Percentile: 73%
VendorProductVersion
storebackupstorebackup
𝑥
≤ 3.5
debiandebian_linux
8.0
opensusebackports_sle
15.0
opensusebackports_sle
15.0
opensuseleap
15.1
canonicalubuntu_linux
16.04
canonicalubuntu_linux
18.04
canonicalubuntu_linux
20.04
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
storebackup
sid
3.2.1-2
fixed
trixie
3.2.1-2
fixed
bookworm
3.2.1-2
fixed
bullseye
3.2.1-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
storebackup
focal
Fixed 3.2.1-1+deb8u1build0.20.04.1
released
eoan
ignored
disco
ignored
bionic
Fixed 3.2.1-1+deb8u1build0.18.04.1
released
xenial
Fixed 3.2.1-1+deb8u1build0.16.04.1
released
trusty
dne