CVE-2020-36657
PUBLISHED
uptimed before 0.4.6-r1 on Gentoo allows local users (with access to the uptimed user account) to gain root privileges by creating a hard link within the /var/spool/uptimed directory, because there is an unsafe chown -R call.
EPSS 0.04% · 14.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | uptimed | 0, 1:0.4.0+git20150923.6b22106-1.1, 1:0.4.0+git20150923.6b22106-2 |
| Ubuntu:16.04:LTS | uptimed | 1:0.3.17-4, 0 |
| Ubuntu:25.10 | uptimed | *, 0 |
| Ubuntu:24.04:LTS | uptimed | 1:0.4.6-3, 0 |
| Ubuntu:22.04:LTS | uptimed | 1:0.4.6-2, 1:0.4.6-3, 1:0.4.6-1 |
| Ubuntu:20.04:LTS | uptimed | 0, *, 1:0.4.2-1 |
Exploit Intelligence
- https://bugs.gentoo.org/630810 (nist-nvd)
- GLSA-202305-14 (circl)
Timeline
- Jan 25, 2023 CVE Published
- Jan 26, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 17, 2023 EPSS Score
- May 27, 2023 EPSS Score
- Jul 6, 2023 EPSS Score
- Aug 16, 2023 EPSS Score
- Sep 25, 2023 EPSS Score
- Nov 4, 2023 EPSS Score
- Dec 15, 2023 EPSS Score
- Jan 24, 2024 EPSS Score
- Mar 4, 2024 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-36657 third-party-advisory
- https://bugs.gentoo.org/630810 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-36657 third-party-advisory