Alerts This Week
Warning Icon 1 775
Alerts This Week
Warning Icon 1 775

Mageia 7: 2020-0341 Critical: Chrony Symlink Attack Security Issue

mageia
Calendar Grey August 22, 2020
Dist Mageia Esm H88
The latest Chrony security patch for Mageia fixes a potential file overwrite vulnerability linked to the PID file, detailing insights on the flaw and solutions deployed
Chrony's method of opening its PID file could allow a compromised chrony user account to overwrite files in certain parts of the filesystem with chrony's PID, using a symlink attac...

Summary

Chrony's method of opening its PID file could allow a compromised chrony user account to overwrite files in certain parts of the filesystem with chrony's PID, using a symlink attack (CVE-2020-14367).

References

- https://bugs.mageia.org/show_bug.cgi?id=27166

- https://www.openwall.com/lists/oss-security/2020/08/21/1

- https://www.cve.org/CVERecord?id=CVE-2020-14367

Topics%20covered

Topics Covered

security advisory security issue file overwrite symlink attack chrony Mageia PID file

Resolution

SRPMS

- 7/core/chrony-3.4-2.1.mga7

Severity
critical
Lowest
Low
Medium
High
Critical

Publication date: 22 Aug 2020
URL: https://advisories.mageia.org/MGASA-2020-0341.html
Type: security
CVE: CVE-2020-14367

Topics%20covered

Topics Covered

security advisory security issue file overwrite symlink attack chrony Mageia PID file

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here